OpenEMR Logging Vulnerability in Password Change Events

A logging vulnerability in OpenEMR versions prior to 7.0.3.4 allows password change events to be omitted from the client-side log viewer. This absence prevents administrators from auditing important actions, thereby reducing traceability and creating opportunities for undetected misuse by insiders or attackers.

Impact

The vulnerability leads to a lack of proper logging for critical user actions, such as password changes. This logging inconsistency can disrupt audit trails, hinder incident detection and forensic investigations, and potentially affect any user with the ability to change passwords.

Reproduction

To reproduce this vulnerability, log into OpenEMR as an admin user and change the password through the user interface. After submitting the password change, check the client-side logs under the 'Update' event filter. No entry will be present for the password change. Additionally, server-side MySQL logs may show a vague 'update' event, but not specifically identify it as a password change.

Remediation

Users can update to OpenEMR version 7.0.3.4 or later, where this logging issue has been addressed.