Description

OpenEMR 7.0.1 contains an authentication brute force vulnerability that allows attackers to bypass rate limiting protections by sending repeated login attempts to the main login endpoint. Attackers can submit POST requests carrying the authUser and clearPass parameters to systematically test username and password combinations, since no account lockout restriction is enforced.

PUBLISHED | Reserved 2026-01-10 | Published 2026-05-05 | Updated 2026-05-06 | Assigner VulnCheck

Severity

HIGH: 8.7 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
HIGH: 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem types

Improper Restriction of Excessive Authentication Attempts

Product status

7.0.1: affected

Credits

abhhi (Abhishek Birdawade) | finder

References

www.exploit-db.com/exploits/51413 (ExploitDB-51413) | exploit

www.open-emr.org/ (Official Product Homepage) | product

github.com/openemr/openemr/archive/refs/tags/v7_0_1.tar.gz (Product Reference) | product

www.vulncheck.com/...ntication-brute-force-mitigation-bypass (VulnCheck Advisory: OpenEMR 7.0.1 Authentication Brute Force Mitigation Bypass) | third-party-advisory

cve.org (CVE-2023-54347)

nvd.nist.gov (CVE-2023-54347)