Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-6531 | 1 Opendental | 1 Opendental | 2024-08-06 | 7.5 HIGH | 9.8 CRITICAL |
| ** DISPUTED ** Open Dental 16.1 and earlier has a hardcoded MySQL root password, which allows remote attackers to obtain administrative access by leveraging access to intranet TCP port 3306. NOTE: the vendor disputes this issue, stating that the "vulnerability note ... is factually false ... there is indeed a default blank password, but it can be changed ... We recommend that users change it, each customer receives direction." | |||||
| CVE-2018-15719 | 1 Opendental | 1 Opendental | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| Open Dental before version 18.4 installs a mysql database and uses the default credentials of "root" with a blank password. This allows anyone on the network with access to the server to access all database information. | |||||
| CVE-2018-15718 | 1 Opendental | 1 Opendental | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Open Dental before version 18.4 transmits the entire user database over the network when a remote unauthenticated user accesses the command prompt. This allows the attacker to gain access to usernames, password hashes, privilege levels, and more. | |||||
| CVE-2018-15717 | 1 Opendental | 1 Opendental | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| Open Dental before version 18.4 stores user passwords as base64 encoded MD5 hashes. | |||||