CVE-2012-1256

Name of the Vulnerable Software and Affected Versions EasyVista versions prior to 2010.1.1.89

Description The issue concerns the single sign-on (SSO) implementation, which allows remote attackers to bypass authentication. This can be achieved by modifying the url account parameter in conjunction with a valid login name in the SSPI HEADER parameter to the "index.php" endpoint.

Recommendations For versions prior to 2010.1.1.89, update to version 2010.1.1.89 or later to resolve the issue. As a temporary workaround, consider restricting access to the "index.php" endpoint or validating the url account and SSPI HEADER parameters to minimize the risk of exploitation.