Bypassing Authentication in EasyVista Single Sign-On Implementation

CVE-2012-1256 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

The single sign-on (SSO) implementation in EasyVista before 2010.1.1.89 allows remote attackers to bypass authentication via a modified url_account parameter, in conjunction with a valid login name in the SSPI_HEADER parameter, to index.php.

Learn more about our Web Application Penetration Testing UK.