VMware has released a new update to their Horizon DaaS software. New version fixes a broken authentication vulnerability (CVE-2020-3977). Successful exploitation of this issue may allow an attacker to bypass two-factor authentication process. In order to exploit the vulnerability an attacker must have a legitimate account on Horizon DaaS.
Affected versions:
-Horizon DaaS 7.x & 8.x
For Horizon DaaS 8.x versions there is 8.0.1 Update 1 that fixes the issue.
More information can be read from the corresponding advisory.
No comments:
Post a Comment