PT-2020-4290 · VMware · VMware Horizon DaaS

Published: 2020-09-22 · Updated: 2020-09-30 · CVE-2020-3977

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:C/A:N
Name of the Vulnerable Software and Affected Versions: VMware Horizon DaaS versions 7.x and 8.x before 8.0.1 Update 1
Description: The issue is a broken-authentication vulnerability caused by a flaw in the way VMware Horizon DaaS handles first-factor authentication. The flaw may allow an attacker to bypass the two-factor authentication process. To exploit this issue, an attacker must have a legitimate account on Horizon DaaS. The vulnerability is also classified as missing authentication for a critical function, which a remote attacker can exploit to bypass two-factor authentication.
Recommendations: For versions 7.x and 8.x before 8.0.1 Update 1, update to version 8.0.1 Update 1 or later to resolve the issue. As a temporary workaround, consider restricting access to critical functions that rely on two-factor authentication until the patch is applied. Additionally, ensure that all accounts on Horizon DaaS are properly secured and monitored to minimize the risk of exploitation.

Fix

Missing Authentication

Weakness Enumeration

Related Identifiers

BDU:2020-04783
CVE-2020-3977

Affected Products

VMware Horizon DaaS