BID:52102

EasyVista Single Sign-on Authentication Bypass Vulnerability

Info

EasyVista Single Sign-on Authentication Bypass Vulnerability

Bugtraq ID:	52102
Class:	Access Validation Error
CVE:	CVE-2012-1256
Remote:	Yes
Local:	No
Published:	Feb 21 2012 12:00AM
Updated:	Feb 23 2012 01:51PM
Credit:	ar1vr
Vulnerable:	EasyVista EasyVista 2010.1.1.89

Not Vulnerable:

Discussion

EasyVista Single Sign-on Authentication Bypass Vulnerability

EasyVista is prone to an authentication-bypass vulnerability.

An attacker can exploit this issue to bypass the authentication process and gain unauthorized access to the affected system. This may lead to further attacks.

EasyVista 2010.1.1.89 is vulnerable; other versions may also be affected.

Exploit / POC

EasyVista Single Sign-on Authentication Bypass Vulnerability

An attacker can use readily available tools or browser to exploit this issue.

Solution / Fix

EasyVista Single Sign-on Authentication Bypass Vulnerability

Solution:
Updates are available. Please see the references for more information.

References

EasyVista Single Sign-on Authentication Bypass Vulnerability

References:

EasyVista Homepage (EasyVista)
EasyVista single sign-on authentication bypass vulnerability (US-CERT)