CVE-2021-25923
Published
CVSS v3
8.1
HIGH
CVSS v2
6.8
MEDIUM
Affected
1
PROJECT
Description
In OpenEMR, versions 5.0.0 to 6.0.0.1 are vulnerable to weak password requirements as it does not enforce a maximum password length limit. If a malicious user is aware of the first 72 characters of the victim user’s password, he can leverage it to an account takeover.
The most popular open source electronic health records and medical practice management solution.
GitHub