14 matches found
CVE-2022-37710
Patterson Dental Eaglesoft 21 has AES-256 encryption but there are two ways to obtain a keyfile: 1 keybackup.data License Encryption Key or 2 Eaglesoft.Server.Configuration.data DbEncryptKeyPrimary Encryption Key. Applicable files are encrypted with keys and salt that are hardcoded into a DLL or...
CVE-2022-37710
Patterson Dental Eaglesoft 21 has AES-256 encryption but there are two ways to obtain a keyfile: 1 keybackup.data License Encryption Key or 2 Eaglesoft.Server.Configuration.data DbEncryptKeyPrimary Encryption Key. Applicable files are encrypted with keys and salt that are hardcoded into a DLL or...
CVE-2022-37710
Patterson Dental Eaglesoft 21 has AES-256 encryption but there are two ways to obtain a keyfile: 1 keybackup.data License Encryption Key or 2 Eaglesoft.Server.Configuration.data DbEncryptKeyPrimary Encryption Key. Applicable files are encrypted with keys and salt that are hardcoded into a DLL or...
Hardcoded credentials
Patterson Dental Eaglesoft 21 has AES-256 encryption but there are two ways to obtain a keyfile: 1 keybackup.data License Encryption Key or 2 Eaglesoft.Server.Configuration.data DbEncryptKeyPrimary Encryption Key. Applicable files are encrypted with keys and salt that are hardcoded into a DLL or...
CVE-2022-37710
Patterson Dental Eaglesoft 21 uses AES-256, but the keyfile and salt are hardcoded into a DLL/EXE. Two access paths to the keyfile exist: keybackup.data > License > Encryption Key and Eaglesoft.Server.Configuration.data > DbEncryptKeyPrimary > Encryption Key, enabling local attackers ...
CVE-2022-37710
Patterson Dental Eaglesoft 21 has AES-256 encryption but there are two ways to obtain a keyfile: 1 keybackup.data License Encryption Key or 2 Eaglesoft.Server.Configuration.data DbEncryptKeyPrimary Encryption Key. Applicable files are encrypted with keys and salt that are hardcoded into a DLL or...
PT-2022-24046 · Patterson Dental · Patterson Dental Eaglesoft
Name of the Vulnerable Software and Affected Versions: Patterson Dental Eaglesoft version 21 Description: The issue concerns the encryption mechanism in Patterson Dental Eaglesoft. Although it uses AES-256 encryption, there are two methods to obtain the keyfile, which are through keybackup.data...
CVE-2016-2343
Patterson Dental Eaglesoft 17 has a hardcoded password of sql for the dba account, which allows remote attackers to obtain sensitive Dental.DB patient information via SQL statements...
CVE-2016-2343
Patterson Dental Eaglesoft 17 has a hardcoded password of sql for the dba account, which allows remote attackers to obtain sensitive Dental.DB patient information via SQL statements...
Hardcoded credentials
Patterson Dental Eaglesoft 17 has a hardcoded password of sql for the dba account, which allows remote attackers to obtain sensitive Dental.DB patient information via SQL statements...
CVE-2016-2343
The CVE-2016-2343 in Patterson Dental Eaglesoft 17 involves a hard-coded database password (sql) used by the dba account, enabling a remote attacker with network access to obtain sensitive patient data from the Dental.DB via SQL statements. Affected component is the Eaglesoft database backend; ro...
CVE-2016-2343
Patterson Dental Eaglesoft 17 has a hardcoded password of sql for the dba account, which allows remote attackers to obtain sensitive Dental.DB patient information via SQL statements...
Patterson Dental Eaglesoft Information Disclosure Vulnerability
Patterson Dental Eaglesoft is a suite of dental records software from Patterson Dental Supply Patterson Dental in the United States. An information disclosure vulnerability exists in Patterson Dental Eaglesoft that arises from the program using the same hard-coded credentials across different use...
Patterson Dental Eaglesoft uses a hard-coded database password across installations
Overview Patterson Dental Eaglesoft is a dental records software. Eaglesoft uses a hard-coded database password that is shared across all installations. Description CWE-798: Use of Hard-coded Credentials- CVE-2016-2343 According to the researcher, Eaglesoft uses hard-coded credentials to access a...