OpenEMR Authentication Brute Force Vulnerability in Version 7.0.1

Vulnerability

A brute force vulnerability in the authentication process has been identified in OpenEMR version 7.0.1. An attacker can bypass the rate limiting protections by sending repeated login attempts to the main login endpoint: each attempt is a POST request carrying the authUser and clearPass parameters, and because no account lockout is enforced, username and password combinations can be tested systematically.

Impact

Exploitation of this vulnerability allows for successful brute force attacks on the authentication mechanism, potentially leading to unauthorized access by guessing user credentials.

Reproduction

The vulnerability can be reproduced by sending repeated login attempts to the OpenEMR login endpoint using the authUser and clearPass parameters. This can be done manually or automated with a script that bypasses the rate limiting protections. The absence of account lockout measures allows for systematic testing of username and password combinations until valid credentials are found.
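From the defender's side, the activity described above leaves a distinctive trace in the web server access log: many POST requests to the login endpoint from one source within a short span. The following Python script is an added example and is not code from this advisory or from the OpenEMR project. It assumes a "combined"-format Apache/nginx access log, uses a placeholder login path (LOGIN_ENDPOINT, to be replaced with the deployment's real login URL), and runs over a constructed sample log that uses documentation IP ranges.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumed placeholder: substitute the login URL of your own OpenEMR deployment.
LOGIN_ENDPOINT = "/login"
WINDOW_SECONDS = 60   # length of the sliding window
THRESHOLD = 10        # login POSTs per window from one source before it is flagged

# Apache/nginx "combined" access-log line (the POST body, and so authUser, is not logged).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def parse_line(line):
    """Parse one access-log line into a dict; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def is_login_post(rec):
    """True for POST requests whose path (query string stripped) is the login endpoint."""
    return rec["method"] == "POST" and rec["path"].split("?", 1)[0] == LOGIN_ENDPOINT


def find_bursts(lines, window=WINDOW_SECONDS, threshold=THRESHOLD):
    """Return {source_ip: peak_count} for every source that sent at least `threshold`
    login POSTs inside some `window`-second span. Lines are expected in time order."""
    recent = defaultdict(deque)   # per-source timestamps still inside the window
    flagged = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or not is_login_post(rec):
            continue
        q = recent[rec["ip"]]
        q.append(rec["ts"])
        while (rec["ts"] - q[0]).total_seconds() > window:   # drop expired entries
            q.popleft()
        if len(q) >= threshold:
            flagged[rec["ip"]] = max(flagged.get(rec["ip"], 0), len(q))
    return flagged


# --- constructed sample log (documentation IP ranges, not real traffic) ---
def _line(ip, hhmmss, method, path, status):
    return f'{ip} - - [05/May/2026:{hhmmss} +0000] "{method} {path} HTTP/1.1" {status} 512'


SAMPLE_LINES = [_line("203.0.113.5", "12:00:00", "GET", LOGIN_ENDPOINT, 200)]
# 12 login POSTs from one source within 22 seconds: the pattern the advisory describes
SAMPLE_LINES += [
    _line("203.0.113.5", f"12:00:{2 * i:02d}", "POST", LOGIN_ENDPOINT, 200) for i in range(12)
]
# a legitimate user who mistypes a password a couple of times over 15 minutes
SAMPLE_LINES += [
    _line("198.51.100.7", t, "POST", LOGIN_ENDPOINT, 200) for t in ("12:00:05", "12:07:30", "12:15:00")
]

if __name__ == "__main__":
    for ip, peak in find_bursts(SAMPLE_LINES).items():
        print(f"{ip}: {peak} login POSTs within {WINDOW_SECONDS}s (threshold {THRESHOLD})")
```

The access log does not contain the request body, so the authUser value being tried is invisible here; attempts spread across many usernames, or across many source addresses, need the application's own authentication audit trail rather than the web server log. Tune WINDOW_SECONDS and THRESHOLD against a baseline of normal login traffic before alerting on the result.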

Remediation

Users are advised to upgrade to OpenEMR version 8 or later. Instructions for upgrading can be found on the OpenEMR website.

Added: May 5, 2026, 12:44 PM
Updated: May 5, 2026, 12:44 PM

Vulnerability Rating

Custom Algorithm

  spread          4.5
  impact          5.0
  exploitability  9.1
  remediation     7.7
  relevance       7.5
  threat          6.4
  urgency         2.9
  incentive       8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.