Opendental Security Vulnerabilities and Issues — Opendental CVE List

Lucene search

OpendentalOpendental

4 matches found

CVE•added 2016/09/24 10:59 a.m.•49 views

CVE-2016-6531

Open Dental 16.1 and earlier has a hardcoded MySQL root password, which allows remote attackers to obtain administrative access by leveraging access to intranet TCP port 3306. NOTE: the vendor disputes this issue, stating that the "vulnerability note ... is factually false ... there is indeed a def...

9.8CVSS9.2AI score0.03269EPSS

CVE•added 2018/12/12 7:29 p.m.•39 views

CVE-2018-15719

Open Dental before version 18.4 installs a mysql database and uses the default credentials of "root" with a blank password. This allows anyone on the network with access to the server to access all database information.

9.8CVSS9.3AI score0.00305EPSS

CVE•added 2018/12/12 7:29 p.m.•35 views

CVE-2018-15717

Open Dental before version 18.4 stores user passwords as base64 encoded MD5 hashes.

5.3CVSS5.4AI score0.00096EPSS

CVE•added 2018/12/12 7:29 p.m.•33 views

CVE-2018-15718

Open Dental before version 18.4 transmits the entire user database over the network when a remote unauthenticated user accesses the command prompt. This allows the attacker to gain access to usernames, password hashes, privilege levels, and more.

7.5CVSS7.9AI score0.00412EPSS