VMware Horizon DaaS (7.x and 8.x before 8.0.1 Update 1) contains a broken authentication vulnerability due to a flaw in the way it handled the first factor authentication. Successful exploitation of this issue may allow an attacker to bypass two-factor authentication process. In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS.
[
{
"product": "VMware Horizon DaaS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware Horizon DaaS (7.x and 8.x before 8.0.1 Update 1)"
}
]
}
]