CVE-2023-54347

high

Description

OpenEMR 7.0.1 contains an authentication brute force vulnerability that allows attackers to bypass rate limiting protections by sending repeated login attempts to the main login endpoint. Attackers can submit POST requests with authUser and clearPass parameters to systematically test username and password combinations without account lockout restrictions.

References

https://www.vulncheck.com/advisories/openemr-authentication-brute-force-mitigation-bypass

https://www.exploit-db.com/exploits/51413

https://www.open-emr.org/

https://github.com/openemr/openemr/archive/refs/tags/v7_0_1.tar.gz

Details

Source: Mitre, NVD

Published: 2026-05-05

Updated: 2026-05-05

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

CVSS v4

Base Score: 8.7

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Severity: High

EPSS

EPSS: 0.00148