Vulnerability Note VU#344432
Patterson Dental Eaglesoft uses a hard-coded database password across installations
Patterson Dental Eaglesoft is dental records software. Eaglesoft uses a hard-coded database password that is shared across all installations.
CWE-798: Use of Hard-coded Credentials - CVE-2016-2343
According to the researcher, Eaglesoft uses hard-coded credentials to access a database back-end. The credentials are the same across installations of Eaglesoft. Sensitive patient information is contained in Eaglesoft databases. An administrator is unable to change these credentials without breaking access to the back-end database.
An attacker with knowledge of the hard-coded credentials and with network access to the database may be able to obtain sensitive patient information.
The CERT/CC is currently unaware of a full solution to this problem.
Restrict Network Access
Vendor Information
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Patterson Dental | Affected | 19 Feb 2016 | 30 Mar 2016 |
CVSS Metrics
Thanks to Justin Shafer for reporting this vulnerability.
This document was written by Garret Wassermann.
- CVE IDs: CVE-2016-2343
- Date Public: 15 Feb 2016
- Date First Published: 30 Mar 2016
- Date Last Updated: 30 Mar 2016
- Document Revision: 42