[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CAPtV236U2h+=1eKEj+aPRP1XuwmMpwYN4VRoG8qP7JiKDvENNg@mail.gmail.com>
Date: Sun, 30 Jul 2017 16:38:37 +0000
From: Allen Franks <afranks2131@...il.com>
To: fulldisclosure@...lists.org
Subject: [FD] CVE-2017-11743 MEDHOST Connex contains hard-coded Mirth
Connect admin password
CVE-2017-11743
Overview
------------
MEDHOST Connex contains a hard-coded Mirth Connect admin password in
all versions. This is a new vulnerability not related to
CVE-2016-4328, CVE-2017-11614, CVE-2017-11693 or CVE-2017-11694.
Description
------------
MEDHOST Connex contains a hard-coded Mirth Connect admin credential
that is used for customer Mirth Connect management access. An attacker
with knowledge of the hard-coded credential and the ability to
communicate directly with the Mirth Connect management console may be
able to intercept sensitive patient information. The admin account
password is hard-coded throughout the application, and is the same
across all installations. Customers do not have the option to change
the Mirth Connect admin account password. The Mirth Connect admin
account is created during the Connex install. The plaintext account
password is hard-coded multiple times in the Connex install and update
scripts.
- connex-*.noarch.rpm
$ grep password connex-*.noarch.rpm
sed -i 's/^password.*/password=\$K8t1ng/'
/opt/mirthconnect/conf/mirth-cli-config.properties
Impact
------------
An attacker with knowledge of the hard-coded credential and the
ability to communicate directly with the Mirth Connect management
console may be able to obtain sensitive patient information.
Solution
------------
The vendor has not issued a patch and has been unresponsive to this
information after 3 attempts to communicate.
Restrict network access
As a general security practice, only allow connections from trusted
hosts and networks. Restricting access would prevent an attacker from
using the hard-coded database credentials from a blocked network
location.
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists