CVE-2023-54347

Name of the Vulnerable Software and Affected Versions OpenEMR version 7.0.1

Description An authentication brute force issue allows attackers to bypass rate limiting protections by sending repeated login attempts to the main login endpoint. Attackers can submit POST requests using the authUser and clearPass parameters to systematically test username and password combinations without triggering account lockout restrictions.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.