PT-2020-14037 · Openclinic · Openclinic Ga
Published: 2020-07-29 · Updated: 2020-07-30 · CVE-2020-14489
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
OpenClinic GA versions 5.09.02 through 5.89.05b
Description
OpenClinic GA stores passwords using a hash of inadequate complexity, potentially allowing attackers to recover passwords using known password-cracking techniques.
Recommendations
For OpenClinic GA versions 5.09.02 through 5.89.05b, consider implementing a more secure password hashing algorithm to mitigate the risk of password recovery by attackers. As a temporary workaround, restrict access to sensitive areas of the system to minimize the risk of exploitation.
Fix
Insufficiently Protected Credentials
Affected Products
Openclinic Ga