CVE-2020-3977

6.5MEDIUM

Key Information:

Vendor: Vmware
Status: Vmware Horizon Daas
Vendor: CVE Published:; 22 September 2020

Summary

VMware Horizon DaaS (7.x and 8.x before 8.0.1 Update 1) contains a broken authentication vulnerability due to a flaw in the way it handled the first factor authentication. Successful exploitation of this issue may allow an attacker to bypass two-factor authentication process. In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS.

Affected Version(s)

VMware Horizon DaaS VMware Horizon DaaS (7.x and 8.x before 8.0.1 Update 1)

References

https://www.vmware.com/security/advisories/VMSA-2020-0021...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 22, 2020
Vulnerability Reserved
Dec 30, 2019