Congratulations to our Senior Consultant David Roccasalva, for his discovery and responsible disclosure of a MFA Authentication Bypass vulnerability on VMWare Horizon DaaS (9.x, 8.x and 7.x) for VMware earlier this year.
VMWare Horizon DaaS (Desktop as a Service) is a remote desktop and application service used by organisations for working remotely on applications, which is depended by many during the remote work situation as a result of COVID-19.
VMWare has now released the advisory and patch for the product.
Discovery of vulnerabilities in VMWare products by external researchers speaks volumes, especially as they have a large security research team, internal Red Team and participants in various bug bounties. Well done again David!