PT-2013-5011 · Pixmeo · Osirix
Publicado
2013-11-15
·
Atualizado
2017-08-29
·
CVE-2013-4425
CVSS v2.0
1.9
Baixa
| Vetor | AV:L/AC:M/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
OsiriX versions prior to 5.8
OsiriX versions prior to 2.5-MD
Description
The issue concerns the DICOM listener in OsiriX, which uses a hardcoded password "SuperSecretPassword" to encrypt the TLS private key file when starting up. This allows local users to obtain the private key.
Recommendations
For OsiriX versions prior to 5.8, update to version 5.8 or later to resolve the issue.
For OsiriX versions prior to 2.5-MD, update to version 2.5-MD or later to resolve the issue.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Osirix