OpenEMR 7.0.1 contains an authentication brute force vulnerability that allows attackers to bypass rate limiting protections by sending repeated login attempts …

OpenEMR version 7.0.1 contains a critical authentication brute force vulnerability identified as CVE-2023-54347. The vulnerability allows attackers to bypass rate limiting protections by sending repeated login attempts to the main login endpoint. Attackers can exploit this by submitting POST requests with authUser and clearPass parameters to systematically test username and password combinations. The vulnerability is particularly concerning because it lacks proper account lockout restrictions, making brute force attacks highly effective. This affects the widely-used OpenEMR electronic medical records system, potentially exposing sensitive healthcare data. The vulnerability has been documented with proof-of-concept exploits available publicly.