Skip to content
CVSS 7.5 · HIGH

CVE-2023-54347

OpenEMR 7.0.1 contains an authentication brute force vulnerability that allows attackers to bypass rate limiting protections by sending repeated login attempts to the main login endpoint. Attackers can submit POST requests with authUser and clearPass parameters to systematically test username and password combinations without account lockout restrictions.

Ver en NVD

Análisis

OpenEMR is a specialized medical practice management system that is not a core part of the common developer stack or general IT infrastructure. While the authentication brute force vulnerability is significant for medical clinics using this software, it is too niche for the general developer and sysadmin community.

Severidad

Puntaje: 7.5(HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: HIGH
I: NONE
A: NONE
Tipo de falla (CWE): CWE-307

EPSS

Probabilidad de explotación (próx. 30 días): 0.0015 (0.2%)
Percentil: 35.5%
EPSS: 2026-05-06

Afecta

open-emr:openemr

Descripción técnica

OpenEMR 7.0.1 contains an authentication brute force vulnerability that allows attackers to bypass rate limiting protections by sending repeated login attempts to the main login endpoint. Attackers can submit POST requests with authUser and clearPass parameters to systematically test username and password combinations without account lockout restrictions.

Publicada: 5/5/2026, 12:16:17
Última modificación: 5/5/2026, 20:00:28

Referencias

InicioEventosBlogRecursosEquipo