Lucene search
HistoryNov 18, 2013 - 2:55 a.m.
CVE-2013-4425
1.9 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
6.2 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
The DICOM listener in OsiriX before 5.8 and before 2.5-MD, when starting up, encrypts the TLS private key file using “SuperSecretPassword” as the hardcoded password, which allows local users to obtain the private key.
Affected configurations
Node
osirix-viewerosirixRange≤5.7
ORosirix-viewerosirixMatch0.2
ORosirix-viewerosirixMatch1.0
ORosirix-viewerosirixMatch1.1
ORosirix-viewerosirixMatch1.1.2
ORosirix-viewerosirixMatch1.2
ORosirix-viewerosirixMatch1.3
ORosirix-viewerosirixMatch1.4
ORosirix-viewerosirixMatch1.5
ORosirix-viewerosirixMatch1.5.1
ORosirix-viewerosirixMatch1.5.2
ORosirix-viewerosirixMatch1.6
ORosirix-viewerosirixMatch1.6.2
ORosirix-viewerosirixMatch1.6.3
ORosirix-viewerosirixMatch1.6.4
ORosirix-viewerosirixMatch1.6.5
ORosirix-viewerosirixMatch1.7
ORosirix-viewerosirixMatch1.7.1
ORosirix-viewerosirixMatch2.0
ORosirix-viewerosirixMatch2.1
ORosirix-viewerosirixMatch2.2
ORosirix-viewerosirixMatch2.3
ORosirix-viewerosirixMatch2.3.1
ORosirix-viewerosirixMatch2.4
ORosirix-viewerosirixMatch2.5
ORosirix-viewerosirixMatch2.6
ORosirix-viewerosirixMatch2.7.5
ORosirix-viewerosirixMatch3.0
ORosirix-viewerosirixMatch3.1
ORosirix-viewerosirixMatch3.2.1
ORosirix-viewerosirixMatch3.3
ORosirix-viewerosirixMatch3.5
ORosirix-viewerosirixMatch3.6
ORosirix-viewerosirixMatch3.7.1
ORosirix-viewerosirixMatch3.8.1
ORosirix-viewerosirixMatch3.9.4
ORosirix-viewerosirixMatch4.0
ORosirix-viewerosirixMatch4.1.2
ORosirix-viewerosirixMatch5.0.2
ORosirix-viewerosirixMatch5.5.2
ORosirix-viewerosirixMatch5.6
Node
osirix-viewerosirix_mdRange≤2.7
Related
cvelist
cvelist
CVE-2013-4425
2013-11-15 18:16:00
prion
prion
Hardcoded credentials
2013-11-18 02:55:00
securityvulns
securityvulns
Osirix information leakage
2013-12-09 00:00:00
cve
cve
CVE-2013-4425
2013-11-18 02:55:07
1.9 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
6.2 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
Related for NVD:CVE-2013-4425