Vulnerability Details CVE-2021-25923
In OpenEMR, versions 5.0.0 to 6.0.0.1 are vulnerable to weak password requirements as it does not enforce a maximum password length limit. If a malicious user is aware of the first 72 characters of the victim user’s password, he can leverage it to an account takeover.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 20.5%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 6.8
References
- https://github.com/openemr/openemr/commit/28ca5c008d4a408b60001a67dfd3e0915f9181e0
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25923
- https://github.com/openemr/openemr/commit/28ca5c008d4a408b60001a67dfd3e0915f9181e0
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25923
Products affected by CVE-2021-25923
-
cpe:2.3:a:open-emr:openemr:5.0.0
-
cpe:2.3:a:open-emr:openemr:5.0.0.5
-
cpe:2.3:a:open-emr:openemr:5.0.0.6
-
cpe:2.3:a:open-emr:openemr:5.0.1
-
cpe:2.3:a:open-emr:openemr:5.0.1-6
-
cpe:2.3:a:open-emr:openemr:5.0.1.1
-
cpe:2.3:a:open-emr:openemr:5.0.1.2
-
cpe:2.3:a:open-emr:openemr:5.0.1.3
-
cpe:2.3:a:open-emr:openemr:5.0.1.4
-
cpe:2.3:a:open-emr:openemr:5.0.1.5
-
cpe:2.3:a:open-emr:openemr:5.0.1.6
-
cpe:2.3:a:open-emr:openemr:5.0.1.7
-
cpe:2.3:a:open-emr:openemr:5.0.2
-
cpe:2.3:a:open-emr:openemr:5.0.2.1
-
cpe:2.3:a:open-emr:openemr:5.0.2.2
-
cpe:2.3:a:open-emr:openemr:5.0.2.3
-
cpe:2.3:a:open-emr:openemr:5.0.2.4
-
cpe:2.3:a:open-emr:openemr:5.0.2.5
-
cpe:2.3:a:open-emr:openemr:6.0.0
-
cpe:2.3:a:open-emr:openemr:6.0.0.1