CVE-2013-4425


General

Score: 1.9/10.0
Severity: Low
Category: Access Management Error
Exploit: Available

Impact Metrics

Confidentiality: Partial
Integrity: None
Availability: None

Exploitability Metrics

Access Vector: Local
Access Complexity: Medium
Authentication: None

Published on 18/11/13 - Updated on 29/08/17

Description

The DICOM listener in OsiriX before 5.8 and before 2.5-MD, when starting up, encrypts the TLS private key file using "SuperSecretPassword" as the hardcoded password, which allows local users to obtain the private key.

Category: Access Management Error

CWE-255 (Credentials Management)
Weaknesses in this category are related to the management of credentials.

Security Notices

US National Vulnerability Database: CVE-2013-4425

Exploits

SecurityFocus: BID-63566

Related technologies

Vendor | Product
osirix-viewer | osirix
osirix-viewer | osirix_md
