VMware has released a new security advisory: VMSA-2018-0010: Horizon DaaS update addresses a broken authentication issue.
This advisory documents the remediation of one moderate issue: Horizon DaaS contains a broken authentication vulnerability that may allow an attacker to bypass two-factor authentication.
To be able to exploit this vulnerability, a potential attacker must have a legitimate account on Horizon DaaS.
The Common Vulnerabilities and Exposures project has assigned the identifier CVE-2018-6960 to this issue.
All 7.x versions of Horizon DaaS are affected by this vulnerability. VMware recommends update to version 8.0.0.
Recent Comments