CVE-2021-35193

Vulnerability

Patterson Application Service in Patterson Eaglesoft versions 18 through 21 accepts the same certificate authentication across different customers' installations that have the same software version. This design flaw means the certificate is not unique per deployment, enabling an attacker to reuse credentials from one installation against another. The software's normal authentication relies on a client-side username/password check before retrieving SQL database credentials, but the check is implemented on the client side, making it trivially bypassable [1].

Exploitation

An attacker can develop their own client that skips the username/password authentication step entirely. With network access to a Patterson Application Service instance, the attacker can then present the shared certificate (obtained from any installation running the same software version) to directly request and receive the SQL database credentials. No prior authentication or user interaction is required beyond network connectivity to the service [1].

Impact

Successful exploitation allows an attacker to retrieve the SQL database credentials for the target Eaglesoft installation. With these credentials, the attacker can access the underlying database, potentially leading to unauthorized reading, modification, or exfiltration of sensitive patient and practice data. The compromise is at the database credential level, granting broad access to the application's data store [1].

Mitigation

As of the publication date (2021-07-30), no official patch or workaround from Patterson has been documented in the available references. Affected versions are Eaglesoft 18 through 21. Users should monitor vendor communications for a fix and consider network-level restrictions (e.g., firewalls, VPNs) to limit access to the Patterson Application Service to trusted hosts only [1].