Allen Franks

**Name of the Vulnerable Software and Affected Versions** MEDHOST Document Management System (affected versions not specified) **Description** The MEDHOST Document Management System contains hard-coded credentials used for customer database access. An attacker with knowledge of these credentials and direct communication with the database may obtain or modify sensitive patient and financial information. The system uses PostgreSQL as its database, with a hard-coded password for the `dms` account that remains the same across all installations and cannot be changed by customers. This `dms` account has access to the Document Management System database schema. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MEDHOST Document Management System (affected versions not specified) **Description** The MEDHOST Document Management System contains hard-coded credentials for Apache Solr access. An attacker with knowledge of these credentials and direct communication with Apache Solr may obtain or modify sensitive patient and financial information. The Apache Solr account name is `dms`, and the password is hard-coded and uniform across all installations, with no option for customers to change it. This `dms` account has access to all indexed patient documents. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.