[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: [FD] CVE-2015-4453 - Authentication bypass in OpenEMR
From: Brian Hysell <bdhysell () gmail ! com>
Date: 2015-06-18 16:24:43
Message-ID: CAH5XVwucaR8J4XCKhFbdQ1MvxYADdTEdJmMoVNo2Mvii_wjH5A () mail ! gmail ! com
[Download RAW message or body]
Title: Authentication bypass in OpenEMR
CVE Reference: CVE-2015-4453
Product: OpenEMR
Vendor: http://www.open-emr.org/
Tested versions: 4.2.0 and 4.2.0 patch 1
Affected versions: 2.8.3 to 4.2.0 patch 1
Status: Fixed by vendor
Reported by: Brian D. Hysell
Details:
A bug in OpenEMR's implementation of "fake register_globals" in
interface/globals.php allows an attacker to bypass authentication by
sending ignoreAuth=1 as a GET or POST request parameter.
Impact:
An attacker can access sensitive information without a password in
parts of the application that do not disable the fake register_globals
functionality, do not rely on session data initialized during the
login process, and are not governed by access control lists. Notably,
this includes interface/fax/fax_dispatch_newpid.php and
interface/billing/sl_eob_search.php, which contain unpatched SQL
injection vulnerabilities (see CVE-2014-5462).
Remediation:
Apply vendor's latest patch.
Timeline:
Vendor contacted: May 4, 2015
Vendor replied: May 4
CVE requested: May 6
Patch released: May 9
CVE assigned: June 9
Announced: June 18
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic