Executive Summary
Summary | |
---|---|
Title | Open Dental uses blank database password by default |
Informations | |||
---|---|---|---|
Name | VU#619767 | First vendor Publication | 2016-09-06 |
Vendor | VU-CERT | Last vendor Modification | 2016-09-13 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#619767Open Dental uses blank database password by defaultOverviewOpen Dental is medical dental records management software. Open Dental version 16.1, and previous versions, installs with a blank root database (MySQL) password by default.. An attacker with network access to an Open Dental MySQL database could read, modify, or delete data. This Vulnerability Note initially, and incorrectly, stated that Open Dental used hard coded credentials. The Impact section also implied that in its default configuration, the Open Dental database was available over remote networks such as the internet. An Open Dental database would need to be specifically configured to allow remote network access. Description
Impact
Solution
Vendor Information (Learn More)
CVSS Metrics (Learn More)
References
CreditThanks to Justin Shafer for reporting this vulnerability. This document was written by Garret Wassermann. Other Information
FeedbackIf you have feedback, comments, or additional information about this vulnerability, please send us email. |
Original Source
Url : http://www.kb.cert.org/vuls/id/619767 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-255 | Credentials Management |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
Alert History
Date | Informations |
---|---|
2016-09-28 21:26:02 |
|
2016-09-24 17:28:12 |
|
2016-09-13 13:21:52 |
|
2016-09-10 09:25:11 |
|
2016-09-08 21:22:07 |
|
2016-09-08 00:22:15 |
|
2016-09-07 00:23:33 |
|