Medium severity6.5NVD Advisory· Published Sep 22, 2020· Updated Jun 17, 2026
CVE-2020-3977
CVE-2020-3977
Description
VMware Horizon DaaS (7.x and 8.x before 8.0.1 Update 1) contains a broken authentication vulnerability due to a flaw in the way it handled the first factor authentication. Successful exploitation of this issue may allow an attacker to bypass two-factor authentication process. In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS.
Affected products
1- Range: < 8.0.1 Update 1
Patches
Vulnerability mechanics
References
1- www.vmware.com/security/advisories/VMSA-2020-0021.htmlnvdPatchVendor Advisory
News mentions
0No linked articles in our index yet.