2 matches found
CVE-2021-25923
In OpenEMR, versions 5.0.0 to 6.0.0.1 are vulnerable to weak password requirements as it does not enforce a maximum password length limit. If a malicious user is aware of the first 72 characters of the victim user’s password, he can leverage it to an account takeover...
CVE-2021-25923
CVE-2021-25923 affects OpenEMR 5.0.0 to 6.0.0.1. The root cause is a weak password policy that does not enforce a maximum password length, allowing an attacker who knows the first 72 characters of a password to potentially take over accounts. The issue has a CVSS v3.1 score of 8.1 (network, high ...