Summary
Detail | | | |
---|---|---|---|
Vendor | Opendental | First view | 2016-09-24 |
Product | Opendental | Last view | 2018-12-12 |
Version | | Type | |
Update | | | |
Edition | | | |
Language | | | |
Software Edition | | | |
Target Software | | | |
Target Hardware | | | |
Other | | | |
Common Platform Enumeration: Distribution per Version
CPE Name | Affected CVE |
---|---|
cpe:2.3:a:opendental:opendental:*:*:*:*:*:*:*:* | 4 |
Related : CVE
Score | Date | Alert | Description |
---|---|---|---|
9.8 | 2018-12-12 | CVE-2018-15719 | Open Dental before version 18.4 installs a mysql database and uses the default credentials of "root" with a blank password. This allows anyone on the network with access to the server to access all database information. |
7.5 | 2018-12-12 | CVE-2018-15718 | Open Dental before version 18.4 transmits the entire user database over the network when a remote unauthenticated user accesses the command prompt. This allows the attacker to gain access to usernames, password hashes, privilege levels, and more. |
5.3 | 2018-12-12 | CVE-2018-15717 | Open Dental before version 18.4 stores user passwords as base64 encoded MD5 hashes. |
9.8 | 2016-09-24 | CVE-2016-6531 | Open Dental 16.1 and earlier has a hardcoded MySQL root password, which allows remote attackers to obtain administrative access by leveraging access to intranet TCP port 3306. NOTE: the vendor disputes this issue, stating that the "vulnerability note ... is factually false ... there is indeed a default blank password, but it can be changed ... We recommend that users change it, each customer receives direction." |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
25% (1) | CWE-522 | Insufficiently Protected Credentials |
25% (1) | CWE-521 | Weak Password Requirements |
25% (1) | CWE-255 | Credentials Management |
25% (1) | CWE-200 | Information Exposure |