Skip to content
CVSS 7.5 · HIGH

CVE-2023-54347

OpenEMR 7.0.1 contains an authentication brute force vulnerability that allows attackers to bypass rate limiting protections by sending repeated login attempts to the main login endpoint. Attackers can submit POST requests with authUser and clearPass parameters to systematically test username and password combinations without account lockout restrictions.

View on NVD

Analysis

OpenEMR is a specialized medical practice management system that is not a core part of the common developer stack or general IT infrastructure. While the authentication brute force vulnerability is significant for medical clinics using this software, it is too niche for the general developer and sysadmin community.

Severity

Score: 7.5(HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: HIGH
I: NONE
A: NONE
Weakness (CWE): CWE-307

EPSS

Probability of exploitation (next 30 days): 0.0015 (0.2%)
Percentile: 35.5%
EPSS: 2026-05-06

Affects

open-emr:openemr

Technical description

OpenEMR 7.0.1 contains an authentication brute force vulnerability that allows attackers to bypass rate limiting protections by sending repeated login attempts to the main login endpoint. Attackers can submit POST requests with authUser and clearPass parameters to systematically test username and password combinations without account lockout restrictions.

Published: 5/5/2026, 12:16:17 PM
Last modified: 5/5/2026, 8:00:28 PM

References

HomeEventsBlogResourcesTeam