Rewterz Threat Advisory – CVE-2020-3977 – VMware Horizon DaaS broken authentication vulnerability

September 22, 2020

Severity

Medium

Analysis Summary

Horizon DaaS contains a broken authentication vulnerability due to a flaw in the way it handled the first factor authentication. Successful exploitation of this issue may allow an attacker to bypass two-factor authentication process. In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS.

Impact

bypass two-factor authentication

Affected Vendors

VMware

Affected Products

VMware Horizon DaaS (Horizon DaaS)

Remediation

Refer to VMware advisory for the complete list of affected products and respective patches.

https://www.vmware.com/security/advisories/VMSA-2020-0021.html

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

SuperCard X Malware Exploiting NFC for Financial Fraud – Active IOCs

Zoom Remote Control Feature Exploited to Gain Access

Microsoft Entra Account Lockouts Triggered by Token Logging Error

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Advisory – CVE-2020-12811 – FortiManager and FortiAnalyzer cross-site scripting

Rewterz Threat Advisory – Security Updates for Mozilla Firefox

The Wait Is Over!

The Rewterz Annual Threat Intelligence Report 2024 is finally here.