CVE-2021-25923

Name of the Vulnerable Software and Affected Versions OpenEMR versions 5.0.0 through 6.0.0.1

Description The issue arises from weak password requirements due to the lack of a maximum password length limit. If a malicious user knows the first 72 characters of a victim user's password, they can use this information to take over the account.

Recommendations For OpenEMR versions 5.0.0 through 6.0.0.1, consider implementing a maximum password length limit to prevent exploitation of this weakness. As a temporary workaround, restrict access to sensitive features until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.