This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Opendental First view 2016-09-24
Product Opendental Last view 2018-12-12
Version Type
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:opendental:opendental:*:*:*:*:*:*:*:* 4

Related : CVE

  Date Alert Description
9.8 2018-12-12 CVE-2018-15719

Open Dental before version 18.4 installs a mysql database and uses the default credentials of "root" with a blank password. This allows anyone on the network with access to the server to access all database information.

7.5 2018-12-12 CVE-2018-15718

Open Dental before version 18.4 transmits the entire user database over the network when a remote unauthenticated user accesses the command prompt. This allows the attacker to gain access to usernames, password hashes, privilege levels, and more.

5.3 2018-12-12 CVE-2018-15717

Open Dental before version 18.4 stores user passwords as base64 encoded MD5 hashes.

9.8 2016-09-24 CVE-2016-6531

Open Dental 16.1 and earlier has a hardcoded MySQL root password, which allows remote attackers to obtain administrative access by leveraging access to intranet TCP port 3306. NOTE: the vendor disputes this issue, stating that the "vulnerability note ... is factually false ... there is indeed a default blank password, but it can be changed ... We recommend that users change it, each customer receives direction.

CWE : Common Weakness Enumeration

%idName
25% (1) CWE-522 Insufficiently Protected Credentials
25% (1) CWE-521 Weak Password Requirements
25% (1) CWE-255 Credentials Management
25% (1) CWE-200 Information Exposure