Vulnerabilities > CVE-2016-4328 - Hard Coded Credentials Authentication Bypass vulnerability in MEDHOST PIMS
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
MEDHOST Perioperative Information Management System (aka PIMS or VPIMS) before 2015R1 has hardcoded credentials, which makes it easier for remote attackers to obtain sensitive information via direct requests to the application database server. <a href="http://cwe.mitre.org/data/definitions/798.html">CWE-798: Use of Hard-coded Credentials</a>
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Packetstorm
data source https://packetstormsecurity.com/files/download/143539/medhost-dms-psql-solr.txt id PACKETSTORM:143539 last seen 2017-08-01 published 2017-07-27 reporter Allen Franks source https://packetstormsecurity.com/files/143539/MEDHOST-Document-Management-System-Hardcoded-Credentials.html title MEDHOST Document Management System Hardcoded Credentials data source https://packetstormsecurity.com/files/download/143480/medhost-hmscxpdn-hardcoded-credentials.txt id PACKETSTORM:143480 last seen 2017-07-26 published 2017-07-25 reporter Allen Franks source https://packetstormsecurity.com/files/143480/MEDHOST-Connex-Hard-Coded-Credentials.html title MEDHOST Connex Hard-Coded Credentials data source https://packetstormsecurity.com/files/download/143582/medhostconnex-passwd.txt id PACKETSTORM:143582 last seen 2017-08-02 published 2017-07-31 reporter Allen Franks source https://packetstormsecurity.com/files/143582/MEDHOST-Connex-Hardcoded-Password.html title MEDHOST Connex Hardcoded Password