Perceptive Security
SOC/SIEM Consultancy
OpenEMR 7.0.1 contains an authentication brute force vulnerability that allows attackers to bypass rate limiting protections by sending repeated login attempts …
Published:
4 May 2026 at 22:00:00
Alert date:
5 May 2026 at 21:02:16
Source:
nvd.nist.gov
Web Technologies, Enterprise Applications, Identity & Access
OpenEMR version 7.0.1 contains a critical authentication brute force vulnerability (CVE-2023-54347) that allows attackers to bypass rate limiting protections. The vulnerability enables attackers to send unlimited login attempts to the main login endpoint using POST requests with authUser and clearPass parameters. This security flaw allows systematic testing of username and password combinations without triggering account lockout restrictions, making brute force attacks highly effective against OpenEMR installations.
Technical details
Mitigation steps:
Affected products:
OpenEMR
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2023-54347
https://github.com/openemr/openemr/archive/refs/tags/v7_0_1.tar.gz
https://www.exploit-db.com/exploits/51413
https://www.open-emr.org/
https://www.vulncheck.com/advisories/openemr-authentication-brute-force-mitigation-bypass
Related CVE's:
Related threat actors:
IOC's:
This article was created with the assistance of AI technology by Perceptive.