search menu icon-carat-right cmu-wordmark

CERT Coordination Center

EasyVista single sign-on authentication bypass vulnerability

Vulnerability Note VU#273502

Original Release Date: 2012-02-21 | Last Revised: 2012-07-23

Overview

EasyVista contains an authentication bypass vulnerability in the EasyVista single sign-on feature.

Description

EasyVista contains an authentication bypass vulnerability in the EasyVista single sign-on feature that does not use encoded values. If an attacker can obtain the login names for any users with access to the application, then the attacker may be able to bypass authentication using a specifically crafted URL.

An example URL is below:
hxxp://servername/index.php?url_account=account_number&SSPI_HEADER=windows_domain\&#xsername

Impact

If an attacker can obtain the login name of an application administrator, they may be able to perform any function an administrator can. The application contains an inventory database with sensitive information that would be useful to an attacker to expand their attack to the rest of the network.

Solution

Apply an Update
Version 2010.1.1.89 has been released to address this vulnerability. Users can download the update from the EasyVista support site.

Vendor Information

273502
 
Affected   Unknown   Unaffected

EasyVista

Notified:  January 25, 2012 Updated:  February 15, 2012

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References


CVSS Metrics

Group Score Vector
Base 5.3 AV:N/AC:--/Au:S/C:C/I:C/A:C
Temporal 4.6 E:H/RL:OF/RC:C
Environmental 1.2 CDP:ND/TD:L/CR:ND/IR:ND/AR:ND

References

Acknowledgements

Thanks to ar1vr for reporting this vulnerability.

This document was written by Jared Allar.

Other Information

CVE IDs: None
Severity Metric: 17.55
Date Public: 2012-02-21
Date First Published: 2012-02-21
Date Last Updated: 2012-07-23 20:48 UTC
Document Revision: 24

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.