lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CAPtV236U2h+=1eKEj+aPRP1XuwmMpwYN4VRoG8qP7JiKDvENNg@mail.gmail.com>
Date: Sun, 30 Jul 2017 16:38:37 +0000
From: Allen Franks <afranks2131@...il.com>
To: fulldisclosure@...lists.org
Subject: [FD] CVE-2017-11743 MEDHOST Connex contains hard-coded Mirth
	Connect admin password

CVE-2017-11743

Overview
------------
MEDHOST Connex contains a hard-coded Mirth Connect admin password in
all versions. This is a new vulnerability not related to
CVE-2016-4328, CVE-2017-11614, CVE-2017-11693 or CVE-2017-11694.

Description
------------

MEDHOST Connex contains a hard-coded Mirth Connect admin credential
that is used for customer Mirth Connect management access. An attacker
with knowledge of the hard-coded credential and the ability to
communicate directly with the Mirth Connect management console may be
able to intercept sensitive patient information. The admin account
password is hard-coded throughout the application, and is the same
across all installations. Customers do not have the option to change
the Mirth Connect admin account password. The Mirth Connect admin
account is created during the Connex install. The plaintext account
password is hard-coded multiple times in the Connex install and update
scripts.

- connex-*.noarch.rpm

$ grep password connex-*.noarch.rpm
sed -i 's/^password.*/password=\$K8t1ng/'
/opt/mirthconnect/conf/mirth-cli-config.properties

Impact
------------

An attacker with knowledge of the hard-coded credential and the
ability to communicate directly with the Mirth Connect management
console may be able to obtain sensitive patient information.

Solution
------------

The vendor has not issued a patch and has been unresponsive to this
information after 3 attempts to communicate.

Restrict network access

As a general security practice, only allow connections from trusted
hosts and networks. Restricting access would prevent an attacker from
using the hard-coded database credentials from a blocked network
location.

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ