CVE-2023-54347

OpenEMR 7.0.1 Authentication Brute Force Mitigation Bypass

CVSS 8.7 HIGHEPSS 0.5%CWE-307

OpenEMR 7.0.1 contains an authentication brute force vulnerability that allows attackers to bypass rate limiting protections by sending repeated login attempts to the main login endpoint. Attackers can submit POST requests with authUser and clearPass parameters to systematically test username and password combinations without account lockout restrictions.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected products

Open-Emr · OpenEMR

public PoCs found — 1

cve_referencewww.exploit-db.com/exploits/51413unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/openemr/openemr/archive/refs/tags/v7_0_1.tar.gz https://www.exploit-db.com/exploits/51413 https://www.open-emr.org/https://www.vulncheck.com/advisories/openemr-authentication-brute-force-mitigation-bypass