Vulnerability Note VU#273502

EasyVista single sign-on authentication bypass vulnerability

Original Release date: 21 Feb 2012 | Last revised: 23 Jul 2012

Overview

EasyVista contains an authentication bypass vulnerability in the EasyVista single sign-on feature.

Description

EasyVista contains an authentication bypass vulnerability in the EasyVista single sign-on feature that does not use encoded values. If an attacker can obtain the login names for any users with access to the application, then the attacker may be able to bypass authentication using a specifically crafted URL.

An example URL is below:

    hxxp://servername/index.php?url_account=account_number&SSPI_HEADER=windows_domain\username

Impact

If an attacker can obtain the login name of an application administrator, they may be able to perform any function an administrator can. The application contains an inventory database with sensitive information that would be useful to an attacker to expand their attack to the rest of the network.

Solution

Apply an Update Version 2010.1.1.89 has been released to address this vulnerability. Users can download the update from the EasyVista support site.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
EasyVistaAffected25 Jan 201215 Feb 2012
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base 5.3 AV:N/AC:--/Au:S/C:C/I:C/A:C
Temporal 4.6 E:H/RL:OF/RC:C
Environmental 1.2 CDP:ND/TD:L/CR:ND/IR:ND/AR:ND

References

Credit

Thanks to ar1vr for reporting this vulnerability.

This document was written by Jared Allar.

Other Information

  • CVE IDs: Unknown
  • Date Public: 21 Feb 2012
  • Date First Published: 21 Feb 2012
  • Date Last Updated: 23 Jul 2012
  • Severity Metric: 17.55
  • Document Revision: 24

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.