top of page
perceptive_background_267k.jpg

OpenEMR 7.0.1 contains an authentication brute force vulnerability that allows attackers to bypass rate limiting protections by sending repeated login attempts …

Published:

4 mei 2026 om 22:00:00

Alert date:

5 mei 2026 om 13:07:56

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies, Identity & Access, Enterprise Applications

OpenEMR 7.0.1 contains a critical authentication brute force vulnerability (CVE-2023-54347) that allows attackers to bypass rate limiting protections. Attackers can send repeated login attempts to the main login endpoint using POST requests with authUser and clearPass parameters. The vulnerability enables systematic testing of username and password combinations without triggering account lockout restrictions. This bypass of security controls makes the application susceptible to credential attacks and unauthorized access attempts.

Technical details

Mitigation steps:

Affected products:

OpenEMR

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2023-54347
https://github.com/openemr/openemr/archive/refs/tags/v7_0_1.tar.gz
https://www.exploit-db.com/exploits/51413
https://www.open-emr.org/
https://www.vulncheck.com/advisories/openemr-authentication-brute-force-mitigation-bypass

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page