CVE-2013-4425 - Credentials Management vulnerability in Osirix-Viewer Osirix and Osirix MD
Attack vector: LOCAL
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: NONE
Availability impact: NONE

Summary
The DICOM listener in OsiriX before 5.8 and before 2.5-MD, when starting up, encrypts the TLS private key file using "SuperSecretPassword" as the hardcoded password, which allows local users to obtain the private key.

According to several reference links, Osirix MD versions before 2.8 are vulnerable:
http://www.securityfocus.com/bid/63566/discuss
http://archives.neohapsis.com/archives/bugtraq/2013-11/0029.html