Open Dental 6.7

CPE Details

Open Dental 6.7
opendental
opendental
6.7
2019-07-01
14h59 +00:00
2019-07-01
14h59 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:opendental:opendental:6.7:*:*:*:*:*:*:*

Informations

Vendor

opendental

Product

opendental

Version

6.7

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2018-15717 2018-12-12 19h00 +00:00 Open Dental before version 18.4 stores user passwords as base64 encoded MD5 hashes.
5.3
Medium
CVE-2018-15718 2018-12-12 19h00 +00:00 Open Dental before version 18.4 transmits the entire user database over the network when a remote unauthenticated user accesses the command prompt. This allows the attacker to gain access to usernames, password hashes, privilege levels, and more.
7.5
High
CVE-2018-15719 2018-12-12 19h00 +00:00 Open Dental before version 18.4 installs a mysql database and uses the default credentials of "root" with a blank password. This allows anyone on the network with access to the server to access all database information.
9.8
Critical
CVE-2016-6531 2016-09-24 08h00 +00:00 Open Dental 16.1 and earlier has a hardcoded MySQL root password, which allows remote attackers to obtain administrative access by leveraging access to intranet TCP port 3306. NOTE: the vendor disputes this issue, stating that the "vulnerability note ... is factually false ... there is indeed a default blank password, but it can be changed ... We recommend that users change it, each customer receives direction.
9.8
Critical