OpenEMR Gateway API Key Leakage Vulnerability

Vulnerability

A vulnerability exists in OpenEMR versions 5.0.2 prior to 8.0.0, where the 'gateway_api_key' is exposed in plaintext to the client. This leakage occurs in at least two files: 'interface/patient_file/front_payment.php' and 'portal/portal_payment.php'. The exposed API key could lead to unauthorized financial transactions or account takeovers on payment gateway platforms, particularly with Stripe or Authorize.Net.

Impact

The exposure of the gateway API key to users can lead to unauthorized actions on payment gateway accounts. For instance, Stripe considers such a compromise severe, potentially allowing fraudulent activities and financial losses.

Reproduction

To reproduce this vulnerability, configure OpenEMR with a payment gateway and set a test 'gateway_api_key'. Then, visit the payment processing pages in the patient portal or the admin side. The API key will be rendered in the client-side source code, accessible through browser inspection tools.
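The reproduction step above, turned into a repeatable regression check, as an added example that is not OpenEMR's own code: given the HTML a payment page returns to the browser, it reports whether the configured gateway_api_key value appears in the body, either plain or in a common encoding (JSON-escaped, HTML-escaped, URL-encoded, base64). The key value and the sample pages are constructed.

```python
"""Regression check: does a rendered OpenEMR payment page leak the
configured gateway API key to the client? Added example, not OpenEMR code."""
import base64
import html
import json
import urllib.parse

# Constructed test value; configure the same value as the gateway_api_key
# in a test instance and fetch the page under test.
SECRETS = {"gateway_api_key": "sk_test_EXAMPLE1234"}


def encodings_of(secret: str) -> dict:
    """Forms in which a server-side secret commonly surfaces in a page."""
    return {
        "plain": secret,
        "json": json.dumps(secret)[1:-1],          # escaped, quotes dropped
        "html": html.escape(secret, quote=True),
        "url": urllib.parse.quote(secret, safe=""),
        "base64": base64.b64encode(secret.encode()).decode(),
    }


def find_leaks(body: str, secrets: dict) -> list:
    """Return (secret_name, encoding) for every secret found in body."""
    hits = []
    for name, value in secrets.items():
        for enc, needle in encodings_of(value).items():
            if needle and needle in body:
                hits.append((name, enc))
    return hits


# Constructed sample: a page that inlines the key into client-side JS.
LEAKY_PAGE = '<script>var gatewayKey = "sk_test_EXAMPLE1234";</script>'

# Constructed sample: the same key embedded base64-encoded in a data attribute.
B64_PAGE = '<div data-cfg="%s"></div>' % base64.b64encode(
    b"sk_test_EXAMPLE1234").decode()

# Constructed sample: a page that only exposes a publishable (client) key.
SAFE_PAGE = '<script>var publishable = "pk_test_EXAMPLEpub";</script>'

if __name__ == "__main__":
    for label, page in (("leaky", LEAKY_PAGE), ("b64", B64_PAGE),
                        ("safe", SAFE_PAGE)):
        print(label, find_leaks(page, SECRETS))
```

Run it against the fetched HTML of front_payment.php and portal_payment.php with a test key set; any hit means the key is still reaching the client.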

Remediation

Users should update OpenEMR to version 8.0.0 or later, remove any API keys from the application configuration, and rotate the keys using the payment provider's key management system. After updating, ensure that the new keys are securely configured in OpenEMR.

Added: Mar 3, 2026, 10:51 PM
Updated: Mar 3, 2026, 10:51 PM

Vulnerability Rating

Custom Algorithm
spread: 4.5
impact: 2.5
exploitability: 6.2
remediation: 8.3
relevance: 3.4
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.