Ar1Vr

#49336 of 53,635
5 CVSS total
Vulnerabilities · 1
PT-2012-3173
5.0
2012-02-22
Easyvista · Easyvista · CVE-2012-1256
**Name of the Vulnerable Software and Affected Versions**

EasyVista versions prior to 2010.1.1.89

**Description**

The issue concerns the single sign-on (SSO) implementation, which allows remote attackers to bypass authentication. This can be achieved by modifying the `url_account` parameter in conjunction with a valid login name in the `SSPI_HEADER` parameter to the "index.php" endpoint.

**Recommendations**

For versions prior to 2010.1.1.89, update to version 2010.1.1.89 or later to resolve the issue. As a temporary workaround, consider restricting access to the "index.php" endpoint or validating the `url_account` and `SSPI_HEADER` parameters to minimize the risk of exploitation.