Published: 31/07/2017 Updated: 15/08/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

MEDHOST Connex contains a hard-coded Mirth Connect admin credential that is used for customer Mirth Connect management access. An attacker with knowledge of the hard-coded credential and the ability to communicate directly with the Mirth Connect management console may be able to intercept sensitive patient information. The admin account password is hard-coded as $K8t1ng throughout the application, and is the same across all installations. Customers do not have the option to change the Mirth Connect admin account password. The Mirth Connect admin account is created during the Connex install. The plaintext account password is hard-coded multiple times in the Connex install and update scripts.

Vulnerable Product	Search on Vulmon	Subscribe to Product
medhost connex -

MEDHOST Connex contains a hard-coded Mirth Connect administrative credential that is used for customer Mirth Connect management access ...

CWE-798 http://seclists.org/fulldisclosure/2017/Jul/75 http://www.securityfocus.com/bid/100086 https://nvd.nist.gov https://packetstormsecurity.com/files/143582/MEDHOST-Connex-Hardcoded-Password.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2017-11743

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect