CVE-2017-15366
Description
Thornberry NDoc prior to 8.0 exposes a cleartext default database password in installation logs, allowing full access to client devices or server.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Thornberry NDoc versions before 8.0 contain a default database (Cache) user with a single password. During client installation on laptops, this password is written in cleartext to a log file. This allows anyone who can access the log file to obtain the password. The affected versions include all releases prior to 8.0 [1].
Exploitation
An attacker can obtain the cleartext password by reading the installation log file left on the laptop. Once the password is known, no local access is required; the attacker can remotely connect to the Cache database on the client device (if no firewall blocks the port) or directly to the NDoc server. The attacker can then use the default database credentials to gain administrative privileges [1].
Impact
Successful exploitation grants the attacker full administrative or system-level access to the client device (if accessible) or the NDoc server. This compromise can lead to disclosure of sensitive patient data, modification of records, or denial of service. The impact is critical as the attacker can control the entire NDoc system [1].
Mitigation
Thornberry released NDoc version 8.0 to address this vulnerability. Users should upgrade to version 8.0 or later. If upgrade is not immediately possible, ensure that installation logs are securely deleted and database ports are firewalled to limit exposure. No other workarounds are documented [1].
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:ndocsoftware:ndoc:*:*:*:*:*:*:*:* (range: <=7.4)
- (no CPE) (range: <8.0)
Patches
No patches discovered yet.
References
- [1] gist.github.com/emptythevoid/84248daccce8737f1cdd5b395cf6f32c (source: nvd; tags: Issue Tracking, Third Party Advisory)