CVE-2023-54347

HIGH CVSS 7.5 View on NVD ↗

Description

OpenEMR 7.0.1 contains an authentication brute force vulnerability that allows attackers to bypass rate limiting protections by sending repeated login attempts to the main login endpoint. Attackers can submit POST requests with authUser and clearPass parameters to systematically test username and password combinations without account lockout restrictions.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products

open-emr/openemr

References

https://github.com/openemr/openemr/archive/refs/tags/v7_0_1.tar.gz
https://www.exploit-db.com/exploits/51413
https://www.open-emr.org/
https://www.vulncheck.com/advisories/openemr-authentication-brute-force-mitigation-bypass

Published: May 05, 2026 12:16 UTC Modified: May 05, 2026 20:00 UTC