Horizon DaaS contains a broken authentication vulnerability due to a flaw in the way it handled the first factor authentication. Successful exploitation of this issue may allow an attacker to bypass two-factor authentication process. In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS.
bypass two-factor authentication
VMware Horizon DaaS (Horizon DaaS)
Refer to VMware advisory for the complete list of affected products and respective patches.