Synopsis
CVE-2018-15717: Weak Password Hashing
Open Dental stores credentials in an insecure manner.
The application stores credentials in the "userod" table with the username in plaintext and the password hash stored as a base64 encoded MD5 hash, which is a known insecure hashing method. Furthermore, no salt is used with the hash.
CVE-2018-15718: User Table Information Disclosure
Open Dental transmits credential information in an insecure manner.
When the application launches and a user is presented with a log-in prompt, the application sends a request to the database for all user information. This includes usernames, privilege levels, password hashes, etc. This unnecessarily exposes user information.
CVE-2018-15719: Default Database Credentials
Open Dental contains a security bypass due to insecure installation defaults.
Upon installation of the application, the mysql database created has the default credentials of "root" with a blank password. This allows anyone on the network with access to the server to access all database information (including confidential patient information and PII).
CVE-2016-6531 was previously assigned to this issue. However, Open Dental disputed the vulnerability. According to the release notes of 18.4, Open Dental will now "prompt to create a username and password for MySQL."
Solution
Open Dental Software has reported that the vulnerabilities are fixed in version 18.4.0.Additional References
https://www.opendental.com/site/version18_4.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6531
https://www.kb.cert.org/vuls/id/619767/
Disclosure Timeline
All information within TRA advisories is provided “as is”, without warranty of any kind, including the implied warranties of merchantability and fitness for a particular purpose, and with no guarantee of completeness, accuracy, or timeliness. Individuals and organizations are responsible for assessing the impact of any actual or potential security vulnerability.
Tenable takes product security very seriously. If you believe you have found a vulnerability in one of our products, we ask that you please work with us to quickly resolve it in order to protect customers. Tenable believes in responding quickly to such reports, maintaining communication with researchers, and providing a solution in short order.
For more details on submitting vulnerability information, please see our Vulnerability Reporting Guidelines page.
If you have questions or corrections about this advisory, please email [email protected]
Contact our sales team