CVE-2018-6960 : What You Need to Know
Learn about CVE-2018-6960 affecting VMware Horizon DaaS versions 7.x before 8.0.0. Discover the impact, affected systems, exploitation details, and mitigation steps.
VMware Horizon DaaS (versions 7.x before 8.0.0) has a security flaw that could allow attackers to bypass two-factor authentication.
Understanding CVE-2018-6960
What is CVE-2018-6960?
VMware Horizon DaaS (7.x before 8.0.0) contains a broken authentication vulnerability that may enable attackers to bypass two-factor authentication. Attackers need a valid account on the platform to exploit this flaw.
The Impact of CVE-2018-6960
This vulnerability could lead to unauthorized access to VMware Horizon DaaS accounts, compromising sensitive data and potentially causing data breaches.
Technical Details of CVE-2018-6960
Vulnerability Description
- Security flaw in VMware Horizon DaaS (7.x before 8.0.0) allows bypassing two-factor authentication.
Affected Systems and Versions
- Product: Horizon DaaS
- Vendor: VMware
- Versions Affected: 7.x before 8.0.0
Exploitation Mechanism
- Attackers with valid accounts on Horizon DaaS can exploit the vulnerability to bypass two-factor authentication.
Mitigation and Prevention
Immediate Steps to Take
- Update VMware Horizon DaaS to version 8.0.0 or later to mitigate the vulnerability.
- Monitor accounts for any unauthorized access or suspicious activities.
Long-Term Security Practices
- Implement strong password policies and multi-factor authentication.
- Regularly review and update security configurations to prevent similar vulnerabilities.
Patching and Updates
- Stay informed about security advisories from VMware and apply patches promptly to address known vulnerabilities.