VYPR
Vendor

Open Dental

Products
1
CVEs
4
Across products
4
Status
Private

Products

1

Recent CVEs

4
  • CVE-2018-15719CriDec 12, 2018
    risk 0.64cvss 9.8epss 0.01

    Open Dental before version 18.4 installs a mysql database and uses the default credentials of "root" with a blank password. This allows anyone on the network with access to the server to access all database information.

  • CVE-2016-6531CriSep 24, 2016
    risk 0.64cvss 9.8epss 0.02

    Open Dental 16.1 and earlier has a hardcoded MySQL root password, which allows remote attackers to obtain administrative access by leveraging access to intranet TCP port 3306. NOTE: the vendor disputes this issue, stating that the "vulnerability note ... is factually false ...…

  • CVE-2018-15718HigDec 12, 2018
    risk 0.49cvss 7.5epss 0.01

    Open Dental before version 18.4 transmits the entire user database over the network when a remote unauthenticated user accesses the command prompt. This allows the attacker to gain access to usernames, password hashes, privilege levels, and more.

  • CVE-2018-15717MedDec 12, 2018
    risk 0.34cvss 5.3epss 0.01

    Open Dental before version 18.4 stores user passwords as base64 encoded MD5 hashes.