CVE-2021-25923

Date: June 24, 2021

Overview

OpenEMR versions 5.0.0 to 6.0.0.1 are vulnerable to weak password requirements because the application does not enforce a maximum password length limit. A malicious user who knows the first 72 characters of the victim user’s password can use that knowledge to take over the account.

Details

The “OpenEMR” application does not enforce a maximum password length limit during user creation, which may lead to complete account takeover of an affected user in certain edge cases. The vulnerability can be reproduced assuming the malicious user is aware of the first 72 characters of the victim user’s password.

PoC Details

1. Log in to the application as Administrator.
2. Sign in with user “testcase1” with password: “Aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa@123”
   Result: Sign in successful
3. Sign in with user “testcase1” with password of user “testcase2”
   Result: Sign in successful
4. Sign in with user “testcase2” with password “Aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa@123a@123a@123a@123a@123a@123”
   Result: Sign in successful
5. Sign in with user “testcase2” with password of user “testcase1”
   Result: Sign in successful

Affected Environments

5.0.0-6.0.0.1

Prevention

Upgrade to 6.0.0.2
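
The 72-character boundary described above matches the behaviour of bcrypt, which reads only the first 72 bytes of its input. The following PHP code is an added example, not OpenEMR's code or its 6.0.0.2 patch: it assumes passwords are hashed with PASSWORD_BCRYPT, and the helper names and sample passwords are constructed for illustration. It shows the length check needed both when a password is set and when it is verified.

```php
<?php
declare(strict_types=1);

// Assumption: passwords are hashed with PASSWORD_BCRYPT, which reads only
// the first 72 bytes of its input and ignores the rest.
const BCRYPT_MAX_BYTES = 72;

// Hypothetical helper: reject input that bcrypt would silently truncate.
// strlen() counts bytes, so multi-byte UTF-8 passwords hit the limit sooner.
function assertHashable(string $password): void
{
    if (strlen($password) > BCRYPT_MAX_BYTES) {
        throw new LengthException('password longer than 72 bytes');
    }
}

function hashPasswordChecked(string $password): string
{
    assertHashable($password);
    return password_hash($password, PASSWORD_BCRYPT);
}

// The same limit applies at login: without it, a 72-byte password would
// also be matched by any longer string that starts with it.
function verifyPasswordChecked(string $password, string $hash): bool
{
    return strlen($password) <= BCRYPT_MAX_BYTES
        && password_verify($password, $hash);
}

// Constructed sample passwords sharing their first 72 bytes.
$prefix = 'A' . str_repeat('a', 71);
$short  = $prefix . '@123';
$long   = $prefix . '@123a@123a@123';

// Unchecked: the hash of $long is also satisfied by $short.
$unchecked = password_hash($long, PASSWORD_BCRYPT);
echo 'unchecked, other password accepted: ';
var_dump(password_verify($short, $unchecked));

// Checked: over-length passwords never reach the hash function.
try {
    hashPasswordChecked($long);
} catch (LengthException $e) {
    echo 'checked, set password refused: ', $e->getMessage(), "\n";
}
$hash = hashPasswordChecked($prefix);
echo 'checked, longer login attempt accepted: ';
var_dump(verifyPasswordChecked($prefix . '@123', $hash));
```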

Language: PHP

Good to know:


Weak Password Requirements

CWE-521

Upgrade Version

Upgrade to version v6_0_0_2

Base Score:
Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High
Base Score:
Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (AU): None
Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial