Brute Force against VMware Horizon
Low
R
Rockstar Games
Submitted None
Team Summary
Official summary from Rockstar Games
In this report, the researcher discovered a VMWare Horizon admin remote access login portal that was publicly accessible and not sufficiently protected against credential stuffing/brute force attacks. No user accounts were breached; all employees are required to use MFA to login through such portals, but out of an abundance of caution the portal is in the process of being decommissioned. We thank the researcher for their efforts in identifying this potential weakness.
Actions:
Reported by
ivanglinkin
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Bounty
$250.00
Submitted
Weakness
Improper Restriction of Authentication Attempts