CVE-2012-1256 Information

Description

The single sign-on (SSO) implementation in EasyVista before 2010.1.1.89 allows remote attackers to bypass authentication via a modified url_account parameter in conjunction with a valid login name in the SSPI_HEADER parameter to index.php.

Reference

http://secunia.com/advisories/48124 http://www.kb.cert.org/vuls/id/273502 The single sign-on (SSO) implementation in EasyVista before 2010.1.1.89 allows remote attackers to bypass authentication via a modified url_account parameter in conjunction with a valid login name in the SSPI_HEADER parameter to index.php.