KiviCare
cpe:2.3:a:iqonic:kivicare:*:*:*:*:wordpress:*:*
- <= 4.1.2
An authentication bypass vulnerability has been identified in the KiviCare Clinic & Patient Management System (EHR) WordPress plugin, affecting all versions through 4.1.2. The issue arises because the 'patientSocialLogin()' function does not validate the social provider access token before authenticating the user: the email address and the "access token" are both taken from the request, and the token is never checked against the provider. An unauthenticated attacker can therefore log in as any registered patient by supplying that patient's email address together with an arbitrary access token value, bypassing credential verification entirely. Successful exploitation grants access to the patient's medical records, appointments, prescriptions, and billing information, i.e. a breach of personally identifiable information (PII) and protected health information (PHI). In addition, the function issues the WordPress authentication cookies before it verifies the user's role. When the supplied email belongs to a non-patient account, such as an administrator, the request is rejected with a 403 response, but the Set-Cookie headers for that account have already been emitted and are included in the same response.
Exploitation of this vulnerability allows for unauthorized access to patient accounts, including sensitive medical and personal information. It also improperly exposes authentication cookies for non-patient users, such as administrators, potentially leading to further unauthorized actions.
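The following is an added illustration of the two defects the advisory describes and of the corrected ordering; it is not KiviCare's code, and the function names, the provider userinfo URL, and the 'kiviCare_patient' role slug are assumptions. Only real WordPress API calls are used. The key points are that the login identity must come from the provider's response to the verified token, never from the request body, and that wp_set_auth_cookie() must be the last step, after every authorization check has passed.

```php
<?php
// Added example (hypothetical, not the plugin's code). Assumed names:
// insecure_social_login(), secure_social_login(), PATIENT_ROLE, the
// provider userinfo endpoint. wp_send_json_error() calls wp_die(), so
// execution stops at each error branch.

const PATIENT_ROLE = 'kiviCare_patient'; // assumed role slug

// Pattern the advisory describes. $req is the decoded request body.
function insecure_social_login( array $req ) {
    $email = sanitize_email( $req['email'] ?? '' );
    $token = $req['access_token'] ?? '';   // BUG 1: accepted but never validated

    $user = get_user_by( 'email', $email );
    if ( ! $user ) {
        wp_send_json_error( array( 'message' => 'unknown user' ), 404 );
    }

    // BUG 2: cookies issued before the role check. setcookie() has already
    // queued Set-Cookie headers, so the 403 below still carries them.
    wp_set_auth_cookie( $user->ID );

    if ( ! in_array( PATIENT_ROLE, (array) $user->roles, true ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }
    wp_send_json_success( array( 'user_id' => $user->ID ) );
}

// Hardened form: verify the token with the provider, bind the session to the
// email the provider asserts, and set cookies only after all checks pass.
function secure_social_login( array $req ) {
    $token = isset( $req['access_token'] ) ? (string) $req['access_token'] : '';
    if ( '' === $token ) {
        wp_send_json_error( array( 'message' => 'missing token' ), 400 );
    }

    // Assumed endpoint; each provider has its own userinfo/tokeninfo URL.
    $resp = wp_remote_get( 'https://provider.example/oauth2/userinfo', array(
        'headers' => array( 'Authorization' => 'Bearer ' . $token ),
        'timeout' => 5,
    ) );
    if ( is_wp_error( $resp ) || 200 !== (int) wp_remote_retrieve_response_code( $resp ) ) {
        wp_send_json_error( array( 'message' => 'invalid token' ), 401 );
    }

    $claims = json_decode( wp_remote_retrieve_body( $resp ), true );
    $verified_email = '';
    if ( is_array( $claims ) && ! empty( $claims['email_verified'] ) && ! empty( $claims['email'] ) ) {
        $verified_email = sanitize_email( $claims['email'] );
    }
    if ( '' === $verified_email ) {
        wp_send_json_error( array( 'message' => 'invalid token' ), 401 );
    }

    // Any 'email' field in the request is deliberately ignored.
    $user = get_user_by( 'email', $verified_email );

    // Same error for "no such user" and "wrong role": no cookies, no enumeration.
    if ( ! $user || ! in_array( PATIENT_ROLE, (array) $user->roles, true ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }

    // Only now, after authentication and authorization both succeeded.
    wp_set_auth_cookie( $user->ID );
    wp_send_json_success( array( 'user_id' => $user->ID ) );
}
```

A quick regression check for a fix of this kind is to send the login request with an administrator's email and a garbage token and confirm that the 403 response carries no Set-Cookie headers; in the vulnerable ordering it does.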
Users are advised to update the KiviCare WordPress plugin to version 4.1.3 or later.