Description
The DICOM listener in OsiriX before 5.8 and before 2.5-MD, when starting up, encrypts the TLS private key file using "SuperSecretPassword" as the hardcoded password, which allows local users to obtain the private key.
Comment
According to several reference links, OsiriX MD before 2.8 is vulnerable:
http://www.securityfocus.com/bid/63566/discuss
http://archives.neohapsis.com/archives/bugtraq/2013-11/0029.html
References
Vulnerable configurations
Configuration 1: versions up to 5.7 (inclusive)
One of
cpe:2.3:a:osirix-viewer:osirix:*:*:*:*:*:*:*:*
cpe:2.3:a:osirix-viewer:osirix:0.2:*:*:*:*:*:*:*
cpe:2.3:a:osirix-viewer:osirix:1.0:*:*:*:*:*:*:*
cpe:2.3:a:osirix-viewer:osirix:1.1:*:*:*:*:*:*:*
cpe:2.3:a:osirix-viewer:osirix:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:osirix-viewer:osirix:1.2:*:*:*:*:*:*:*
cpe:2.3:a:osirix-viewer:osirix:1.3:*:*:*:*:*:*:*
cpe:2.3:a:osirix-viewer:osirix:1.4:*:*:*:*:*:*:*
cpe:2.3:a:osirix-viewer:osirix:1.5:*:*:*:*:*:*:*
cpe:2.3:a:osirix-viewer:osirix:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:osirix-viewer:osirix:1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:osirix-viewer:osirix:1.6:*:*:*:*:*:*:*
cpe:2.3:a:osirix-viewer:osirix:1.6.2:*:*:*:*:*:*:*
cpe:2.3:a:osirix-viewer:osirix:1.6.3:*:*:*:*:*:*:*
cpe:2.3:a:osirix-viewer:osirix:1.6.4:*:*:*:*:*:*:*
cpe:2.3:a:osirix-viewer:osirix:1.6.5:*:*:*:*:*:*:*
cpe:2.3:a:osirix-viewer:osirix:1.7:*:*:*:*:*:*:*
cpe:2.3:a:osirix-viewer:osirix:1.7.1:*:*:*:*:*:*:*
cpe:2.3:a:osirix-viewer:osirix:2.0:*:*:*:*:*:*:*
cpe:2.3:a:osirix-viewer:osirix:2.1:*:*:*:*:*:*:*
cpe:2.3:a:osirix-viewer:osirix:2.2:*:*:*:*:*:*:*
cpe:2.3:a:osirix-viewer:osirix:2.3:*:*:*:*:*:*:*
cpe:2.3:a:osirix-viewer:osirix:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:osirix-viewer:osirix:2.4:*:*:*:*:*:*:*
cpe:2.3:a:osirix-viewer:osirix:2.5:*:*:*:*:*:*:*
cpe:2.3:a:osirix-viewer:osirix:2.6:*:*:*:*:*:*:*
cpe:2.3:a:osirix-viewer:osirix:2.7.5:*:*:*:*:*:*:*
cpe:2.3:a:osirix-viewer:osirix:3.0:*:*:*:*:*:*:*
cpe:2.3:a:osirix-viewer:osirix:3.1:*:*:*:*:*:*:*
cpe:2.3:a:osirix-viewer:osirix:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:osirix-viewer:osirix:3.3:*:*:*:*:*:*:*
cpe:2.3:a:osirix-viewer:osirix:3.5:*:*:*:*:*:*:*
cpe:2.3:a:osirix-viewer:osirix:3.6:*:*:*:*:*:*:*
cpe:2.3:a:osirix-viewer:osirix:3.7.1:*:*:*:*:*:*:*
cpe:2.3:a:osirix-viewer:osirix:3.8.1:*:*:*:*:*:*:*
cpe:2.3:a:osirix-viewer:osirix:3.9.4:*:*:*:*:*:*:*
cpe:2.3:a:osirix-viewer:osirix:4.0:*:*:*:*:*:*:*
cpe:2.3:a:osirix-viewer:osirix:4.1.2:*:*:*:*:*:*:*
cpe:2.3:a:osirix-viewer:osirix:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:osirix-viewer:osirix:5.5.2:*:*:*:*:*:*:*
cpe:2.3:a:osirix-viewer:osirix:5.6:*:*:*:*:*:*:*
Configuration 2: versions up to 2.7 (inclusive)
cpe:2.3:a:osirix-viewer:osirix_md:*:*:*:*:*:*:*:*
EPSS: 0.00056 (percentile: 18%), Low
CVSS2: 1.9 Low
Weaknesses: CWE-255
Related vulnerabilities
github
more than 3 years ago
The DICOM listener in OsiriX before 5.8 and before 2.5-MD, when starting up, encrypts the TLS private key file using "SuperSecretPassword" as the hardcoded password, which allows local users to obtain the private key.