Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormAllen FranksPACKETSTORM:143539
HistoryJul 27, 2017 - 12:00 a.m.

MEDHOST Document Management System Hardcoded Credentials

2017-07-2700:00:00
Allen Franks
packetstormsecurity.com
26

0.004 Low

EPSS

Percentile

73.6%

JSON
`MEDHOST Document Management System contains multiple hard-coded credentials  
  
CVE-2017-11693 & CVE-2017-11694  
  
Overview  
------------  
Medhost Document Management system for all versions contains hard-coded credentials  
used for customer database and Apache Solr access. This is a new vulnerability  
not related to CVE-2016-4328 or CVE-2017-11614.  
  
Description  
------------  
  
MEDHOST Document Management System contains multiple hard-coded credentials that are  
used for customer database and Apache Solr access. An attacker with knowledge of the  
hard-coded credentials and the ability to communicate directly with the database and  
Apache Solr may be able to obtain or modify sensitive patient and financial  
information. PostgreSQL is used as the Document Management System database. The account name  
is dms. The Apache Solr account name is also dms. These passwords are hard-coded throughout  
the application, and are the same across all installations. Customers do not have the option  
to change passwords. The dms account for PostgreSQL has access to the database schema for  
Document Management System. The dms account for Apache Solr has access to all indexed  
patient documents. PostgreSQL listens on the default TCP port 5432. Apache Solr listens  
on the default TCP port 8080.  
  
WEB-INF/classes/database.properties:  
  
# DMS database settings  
jdbc.driverClass=org.postgresql.Driver  
jdbc.url=jdbc:postgresql://localhost:5432/dms  
jdbc.username=dms  
jdbc.password=[redacted]  
  
# Liquibase flag  
run.liquibase.on.startup = true  
  
WEB-INF/classes/solr.properties:  
  
solr.url=http://localhost:8080/solr/dms  
solr.username=dms  
solr.password=[redacted]  
  
Impact  
------------  
  
An attacker with knowledge of the hard-coded credentials and the ability to communicate  
directly with the application database server may be able to obtain or modify patient and  
financial information.  
  
Solution  
------------  
  
The vendor has not issued a patch and has been unresponsive to this information after 3  
attempts to communicate.  
  
Restrict network access  
  
As a general security practice, only allow connections from trusted hosts and networks.  
Restricting access would prevent an attacker from using the hard-coded database credentials  
from a blocked network location.  
`

Related

packetstorm 2
cve 4
prion 4
nvd 4
cvelist 4
cert 1
packetstorm
packetstorm
MEDHOST Connex Hardcoded Password
2017-07-31 00:00:00
MEDHOST Connex Hard-Coded Credentials
2017-07-25 00:00:00
cve
cve
CVE-2017-11614
2022-10-03 16:23:03
CVE-2017-11694
2017-07-28 13:29:00
CVE-2016-4328
2016-06-10 01:59:07
prion
prion
Hardcoded credentials
2017-07-25 17:29:00
Hardcoded credentials
2016-06-10 01:59:00
Hardcoded credentials
2017-07-28 13:29:00
nvd
nvd
CVE-2017-11614
2017-07-25 17:29:00
CVE-2017-11694
2017-07-28 13:29:00
CVE-2016-4328
2016-06-10 01:59:07
cvelist
cvelist
CVE-2017-11614
2022-10-03 16:23:03
CVE-2017-11694
2017-07-28 13:00:00
CVE-2016-4328
2016-06-10 01:00:00
cert
cert
MEDHOST Perioperative Information Management System contains hard-coded database credentials
2016-05-26 00:00:00

0.004 Low

EPSS

Percentile

73.6%

JSON
Related for PACKETSTORM:143539
packetstorm2cve4prion4nvd4cvelist4cert1