|Category:||Access Management Error|
Published on 24/09/16 - Updated on 28/11/16
** DISPUTED ** Open Dental 16.1 and earlier has a hardcoded MySQL root password, which allows remote attackers to obtain administrative access by leveraging access to intranet TCP port 3306. NOTE: the vendor disputes this issue, stating that the "vulnerability note ... is factually false ... there is indeed a default blank password, but it can be changed ... We recommend that users change it, each customer receives direction."
CWE-255 (Credentials Management)
Weaknesses in this category are related to the management of credentials.
No exploits available for this CVE in our database.