CVE-2004-2777

Name of the Vulnerable Software and Affected Versions GE Healthcare Centricity Image Vault versions 3.x

Description The issue concerns hardcoded or default passwords for various accounts in the system. Specifically, the passwords are: gemnet for the administrator account, webadmin for the webadmin administrator account of the ASACA DVD library, an empty value for the gemsservice account of the Ultrasound Database, and possibly gemnet2002 for the gemnet2002 account of the GEMNet license server. The impact and attack vectors of this issue are not clearly specified.

Recommendations For GE Healthcare Centricity Image Vault version 3.x, change the default passwords for all accounts, including the administrator, webadmin, gemsservice, and gemnet2002 accounts, to unique and secure values to prevent unauthorized access. Consider disabling or restricting access to these accounts until secure passwords are implemented.