PT-2017-12182 · Medhost+1 · Medhost Document Management System+1

Allen Franks

Publicado

2017-07-28

Atualizado

2017-08-15

CVE-2017-11693

CVSS v2.0

6.4

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions MEDHOST Document Management System (affected versions not specified)

Description The MEDHOST Document Management System contains hard-coded credentials used for customer database access. An attacker with knowledge of these credentials and direct communication with the database may obtain or modify sensitive patient and financial information. The system uses PostgreSQL as its database, with a hard-coded password for the dms account that remains the same across all installations and cannot be changed by customers. This dms account has access to the Document Management System database schema.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Using Hardcoded Credentials

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-798

Identificadores relacionados

CVE-2017-11693

Produtos afetados

Medhost Document Management System

Postgresql

PT-2017-12182 · Medhost+1 · Medhost Document Management System+1

CVE-2017-11693

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 2