OpenEMR 4.2.0 Authentication Bypass Vulnerability

ID 1337DAY-ID-23769
Type zdt
Reporter Brian Hysell
Modified 2015-06-20T00:00:00


OpenEMR versions 4.2.0 and 4.2.0 patch 1 suffer from an authentication bypass vulnerability.

                                            Title: Authentication bypass in OpenEMR
CVE Reference: CVE-2015-4453
Product: OpenEMR
Tested versions: 4.2.0 and 4.2.0 patch 1
Affected versions: 2.8.3 to 4.2.0 patch 1
Status: Fixed by vendor
Reported by: Brian D. Hysell


A bug in OpenEMR's implementation of "fake register_globals" in
interface/globals.php allows an attacker to bypass authentication by
sending ignoreAuth=1 as a GET or POST request parameter.


An attacker can access sensitive information without a password in
parts of the application that do not disable the fake register_globals
functionality, do not rely on session data initialized during the
login process, and are not governed by access control lists. Notably,
this includes interface/fax/fax_dispatch_newpid.php and
interface/billing/sl_eob_search.php, which contain unpatched SQL
injection vulnerabilities (see CVE-2014-5462).


Apply vendor's latest patch

# [2016-04-19]  #