CVE-2023-54347

HIGH SEVERITY

CVSS Score & Metrics

Base Score: 7.5 / 10
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Vulnerability Description

OpenEMR 7.0.1 contains an authentication brute force vulnerability that allows attackers to bypass rate limiting protections by sending repeated login attempts to the main login endpoint. Attackers can submit POST requests with authUser and clearPass parameters to systematically test username and password combinations without account lockout restrictions.

Vulnerability Details

Published Date
Last Modified
CWE ID: CWE-307
Source: NVD
Vendor: Open-Emr
Product: OpenEMR

External References
