CVE-2021-25923
N/A
N/A
Summary
In OpenEMR, versions 5.0.0 to 6.0.0.1 are vulnerable to weak password requirements as it does not enforce a maximum password length limit. If a malicious user is aware of the first 72 characters of the victim user’s password, he can leverage it to an account takeover.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | openemr | v5.0.0, v5.0.0.5, v5.0.0.6, v5.0.1, v5.0.1.1, v5.0.1.2, v5.0.1.3, v5.0.1.4, v5.0.1.5, v5.0.1.6, v5.0.1.7, v5.0.2, v5.0.2.1, v5.0.2.2, v5.0.2.3, v5.0.2.4, v6.0.0, v6.0.0.1 | affected |
Weaknesses
- Weak Password Requirements
ADP Enrichment
CVE Program Container
Additional References
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25923
- https://github.com/openemr/openemr/commit/28ca5c008d4a408b60001a67dfd3e0915f9181e0
References
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25923
- https://github.com/openemr/openemr/commit/28ca5c008d4a408b60001a67dfd3e0915f9181e0
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.