Justin Shafer

**Name of the Vulnerable Software and Affected Versions** Open Dental versions 16.1 and earlier **Description** The issue concerns a hardcoded MySQL root password, which could allow remote attackers to gain administrative access by leveraging access to intranet TCP port 3306. The vendor disputes this issue, stating that the password can be changed and recommends that users do so. **Recommendations** For Open Dental versions 16.1 and earlier, change the default MySQL root password to prevent potential administrative access by remote attackers.

**Name of the Vulnerable Software and Affected Versions** DEXIS Imaging Suite version 10 **Description** The issue allows remote attackers to gain administrative access by using a hardcoded password for the sa account in a DEXIS DATA SQL Server session. **Recommendations** For DEXIS Imaging Suite version 10, change the hardcoded password for the sa account to a unique and secure password to prevent unauthorized access.

**Name of the Vulnerable Software and Affected Versions** Dentsply Sirona CDR Dicom versions 5 and earlier **Description** The issue allows remote attackers to obtain administrative access by leveraging knowledge of default passwords for the `sa` and `cdr` accounts. **Recommendations** For Dentsply Sirona CDR Dicom versions 5 and earlier, change the default passwords for the `sa` and `cdr` accounts to secure passwords.

**Name of the Vulnerable Software and Affected Versions** Patterson Dental Eaglesoft version 17 **Description** The issue allows remote attackers to obtain sensitive patient information from the Dental.DB database. This is possible due to a hardcoded password for the dba account, which is set to `sql`. Attackers can exploit this by sending SQL statements to access the sensitive data. **Recommendations** For Patterson Dental Eaglesoft version 17, change the hardcoded password of the dba account to a secure password to prevent unauthorized access. As a temporary workaround, consider restricting access to the database to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** FairCom c-treeACE (affected versions not specified) **Description** The issue concerns the Data Camouflage algorithm, also known as FairCom Standard Encryption, in FairCom c-treeACE. This algorithm fails to ensure that a decryption key is required to access database contents. As a result, context-dependent attackers can read cleartext database records by copying a database to another system with a specific default configuration. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Henry Schein Dentrix G5 versions prior to 15.1.294 **Description** The issue allows remote attackers to obtain sensitive patient information by exploiting a shared internal-database password across different customers' installations. **Recommendations** For versions prior to 15.1.294, update to version 15.1.294 or later to resolve the issue.