CVE-2018-6960

Summary

VMware Horizon DaaS (7.x before 8.0.0) contains a broken authentication vulnerability that may allow an attacker to bypass two-factor authentication. Note: In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS.

Affected Software

VendorProductVersion RangeStatus
VMwareHorizon DaaS7.x before 8.0.0affected

Weaknesses

  • Broken authentication vulnerability

ADP Enrichment

CVE Program Container

Additional References

References