top of page
perceptive_background_267k.jpg

OpenEMR 7.0.1 contains an authentication brute force vulnerability that allows attackers to bypass rate limiting protections by sending repeated login attempts …

Published:

4 mei 2026 om 22:00:00

Alert date:

5 mei 2026 om 21:02:16

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies, Enterprise Applications, Identity & Access

OpenEMR version 7.0.1 contains a critical authentication brute force vulnerability (CVE-2023-54347) that allows attackers to bypass rate limiting protections. The vulnerability enables attackers to send unlimited login attempts to the main login endpoint using POST requests with authUser and clearPass parameters. This security flaw allows systematic testing of username and password combinations without triggering account lockout restrictions, making brute force attacks highly effective against OpenEMR installations.

Technical details

Mitigation steps:

Affected products:

OpenEMR

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2023-54347
https://github.com/openemr/openemr/archive/refs/tags/v7_0_1.tar.gz
https://www.exploit-db.com/exploits/51413
https://www.open-emr.org/
https://www.vulncheck.com/advisories/openemr-authentication-brute-force-mitigation-bypass

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page