PT-2013-5011 · Pixmeo · Osirix

Published

2013-11-15

Updated

2017-08-29

CVE-2013-4425

CVSS v2.0

1.9

Low

Vector

AV:L/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions OsiriX versions prior to 5.8 OsiriX versions prior to 2.5-MD

Description The issue concerns the DICOM listener in OsiriX, which uses a hardcoded password "SuperSecretPassword" to encrypt the TLS private key file when starting up. This allows local users to obtain the private key.

Recommendations For OsiriX versions prior to 5.8, update to version 5.8 or later to resolve the issue. For OsiriX versions prior to 2.5-MD, update to version 2.5-MD or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-255

Related Identifiers

CVE-2013-4425

Affected Products

Osirix

PT-2013-5011 · Pixmeo · Osirix

CVE-2013-4425

Weakness Enumeration

Related Identifiers

Affected Products

References · 5