CVE-2020-3977

Summary

VMware Horizon DaaS (7.x and 8.x before 8.0.1 Update 1) contains a broken authentication vulnerability due to a flaw in the way it handled the first factor authentication. Successful exploitation of this issue may allow an attacker to bypass two-factor authentication process. In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS.

Affected Software

VendorProductVersion RangeStatus
n/aVMware Horizon DaaSVMware Horizon DaaS (7.x and 8.x before 8.0.1 Update 1)affected

Weaknesses

  • Broken authentication vulnerability

ADP Enrichment

CVE Program Container

Additional References

References