CVE-2021-25923

Published: Jun 24, 2021Modified: Nov 21, 2024

8.1

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.2 / Impact: 5.9

Source: NVD

Description

In OpenEMR, versions 5.0.0 to 6.0.0.1 are vulnerable to weak password requirements as it does not enforce a maximum password length limit. If a malicious user is aware of the first 72 characters of the victim user’s password, he can leverage it to an account takeover.

Affected (1)

Products: Open Emr: Openemr

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Open Emr Openemr	From 5.0.0 to 6.0.0.1

Related CWEs

Weak Password Requirements

The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.

References (4)

https://github.com/openemr/openemr/commit/28ca5c008d4a408b60001a67dfd3e0915f9181e0

Source: vulnerabilitylab@mend.io

PatchThird Party Advisory

https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25923

Source: vulnerabilitylab@mend.io

ExploitThird Party Advisory

https://github.com/openemr/openemr/commit/28ca5c008d4a408b60001a67dfd3e0915f9181e0

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25923

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.