Rewterz

Rewterz Threat Advisory – CVE-2020-12811 – FortiManager and FortiAnalyzer cross-site scripting

September 22, 2020
Rewterz

Rewterz Threat Advisory – Security Updates for Mozilla Firefox

September 23, 2020

Rewterz Threat Advisory – CVE-2020-3977 – VMware Horizon DaaS broken authentication vulnerability

Severity

Medium

Analysis Summary

Horizon DaaS contains a broken authentication vulnerability due to a flaw in the way it handled the first factor authentication. Successful exploitation of this issue may allow an attacker to bypass two-factor authentication process. In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS.

Impact

bypass two-factor authentication

Affected Vendors

VMware

Affected Products

VMware Horizon DaaS (Horizon DaaS)

Remediation

Refer to VMware advisory for the complete list of affected products and respective patches.

https://www.vmware.com/security/advisories/VMSA-2020-0021.html

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.