VMware urges admins to remove deprecated, vulnerable auth plug-in