CVE-2022-37710

Name of the Vulnerable Software and Affected Versions Patterson Dental Eaglesoft version 21

Description The issue concerns the encryption mechanism in Patterson Dental Eaglesoft. Although it uses AES-256 encryption, there are two methods to obtain the keyfile, which are through keybackup.data > License > Encryption Key or Eaglesoft.Server.Configuration.data > DbEncryptKeyPrimary > Encryption Key. The applicable files are encrypted with keys and salt that are hardcoded into a DLL or EXE file.

Recommendations For Patterson Dental Eaglesoft version 21, consider restricting access to the keybackup.data and Eaglesoft.Server.Configuration.data files to minimize the risk of exploitation. As a temporary workaround, avoid using the hardcoded keys and salt in the DLL or EXE file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.