DEXIS is a dental x-ray imaging software that manages patient records. DEXIS Imaging Suite 10 contains several hard-coded credentials allowing administrative or root access to the patient database.
CWE-798: Use of Hard-coded Credentials - CVE-2016-6532
DEXIS Imaging Suite 10 contains several hard-coded database credentials allowing administrative or root access to the patient database. Other versions of DEXIS may also be affected.
A remote, unauthenticated attacker may be able to gain administrative access to the DEXIS patient database.
Update the database credentials
Restrict network access
Thanks to Justin Shafer for reporting this vulnerability.
This document was written by Garret Wassermann.
|Date First Published:||2016-09-07|
|Date Last Updated:||2016-09-07 14:40 UTC|