CVE-2016-6531

Loading...

General

Score:7.5/10.0
Severity:High
Category:Access Management Error

Impact Metrics

Confidentiality:Partial
Integrity:Partial
Availability:Partial

Exploitability Metrics

Access Vector:Network
Access Complexity:Low
Authentication:None

Published on 24/09/16 - Updated on 28/11/16

Description

** DISPUTED ** Open Dental 16.1 and earlier has a hardcoded MySQL root password, which allows remote attackers to obtain administrative access by leveraging access to intranet TCP port 3306. NOTE: the vendor disputes this issue, stating that the "vulnerability note ... is factually false ... there is indeed a default blank password, but it can be changed ... We recommend that users change it, each customer receives direction."

Category: Access Management Error

CWE-255 (Credentials Management)
Weaknesses in this category are related to the management of credentials.

Security Notices

US National Vulnerability DatabaseCVE-2016-6531

Exploits

No exploits available for this CVE in our database.

Relative technologies

VendorProduct
opendentalopendental

Share this vulnerability with:

Twitter Facebook LinkedIn Mail