CVE-2012-1256
easyvista < 2010 - Authentication Bypass via SSO URL Parameter Manipulation
Title source: llmDescription
The single sign-on (SSO) implementation in EasyVista before 2010.1.1.89 allows remote attackers to bypass authentication via a modified url_account parameter, in conjunction with a valid login name in the SSPI_HEADER parameter, to index.php.
References (2)
Core 2
Core References
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/273502
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/48124
Scores
EPSS
0.0149
EPSS Percentile
70.9%
Details
CWE
CWE-287
Status
published
Products (1)
easyvista/easyvista
< 2010
Published
Feb 22, 2012
Tracked Since
Feb 18, 2026