Today VMware has released the following new security advisory:
“VMSA-2018-0010 – Horizon DaaS update addresses a broken authentication issue”
This documents the remediation of a moderate severity issue (CVE-2018-6960) in VMware Horizon DaaS that may allow an attacker to bypass two-factor authentication. In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS.
All VMware Horizon DaaS 7.x versions are affected. This issue has been addressed in VMware Horizon DaaS 8.0.0.
We would like to thank Peter Ivezaj, President – Digital Upkeep for reporting this issue to us.
Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories.
Customers should review the security advisories and direct any questions to VMware Support.