Open Dental
Products
1- 4 CVEs
Recent CVEs
4| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-15719 | Cri | 0.64 | 9.8 | 0.01 | Dec 12, 2018 | Open Dental before version 18.4 installs a mysql database and uses the default credentials of "root" with a blank password. This allows anyone on the network with access to the server to access all database information. | ||
| CVE-2016-6531 | Cri | 0.64 | 9.8 | 0.02 | Sep 24, 2016 | Open Dental 16.1 and earlier has a hardcoded MySQL root password, which allows remote attackers to obtain administrative access by leveraging access to intranet TCP port 3306. NOTE: the vendor disputes this issue, stating that the "vulnerability note ... is factually false ...… | ||
| CVE-2018-15718 | Hig | 0.49 | 7.5 | 0.01 | Dec 12, 2018 | Open Dental before version 18.4 transmits the entire user database over the network when a remote unauthenticated user accesses the command prompt. This allows the attacker to gain access to usernames, password hashes, privilege levels, and more. | ||
| CVE-2018-15717 | Med | 0.34 | 5.3 | 0.01 | Dec 12, 2018 | Open Dental before version 18.4 stores user passwords as base64 encoded MD5 hashes. |
- risk 0.64cvss 9.8epss 0.01
Open Dental before version 18.4 installs a mysql database and uses the default credentials of "root" with a blank password. This allows anyone on the network with access to the server to access all database information.
- risk 0.64cvss 9.8epss 0.02
Open Dental 16.1 and earlier has a hardcoded MySQL root password, which allows remote attackers to obtain administrative access by leveraging access to intranet TCP port 3306. NOTE: the vendor disputes this issue, stating that the "vulnerability note ... is factually false ...…
- risk 0.49cvss 7.5epss 0.01
Open Dental before version 18.4 transmits the entire user database over the network when a remote unauthenticated user accesses the command prompt. This allows the attacker to gain access to usernames, password hashes, privilege levels, and more.
- risk 0.34cvss 5.3epss 0.01
Open Dental before version 18.4 stores user passwords as base64 encoded MD5 hashes.