|Category:||Access Management Error|
Published on 18/11/13 - Updated on 29/08/17
The DICOM listener in OsiriX before 5.8 and before 2.5-MD, when starting up, encrypts the TLS private key file using "SuperSecretPassword" as the hardcoded password, which allows local users to obtain the private key.
CWE-255 (Credentials Management)
Weaknesses in this category are related to the management of credentials.