CVE-2013-4425

2013-11-18T02:55:00
ID CVE-2013-4425
Type cve
Reporter cve@mitre.org
Modified 2017-08-29T01:33:00

Description

The DICOM listener in OsiriX before 5.8 and before 2.5-MD, when starting up, encrypts the TLS private key file using "SuperSecretPassword" as the hardcoded password, which allows local users to obtain the private key. According to several reference links Osirix MD before 2.8 are vulnerable

http://www.securityfocus.com/bid/63566/discuss

http://archives.neohapsis.com/archives/bugtraq/2013-11/0029.html