Vulnerability Description
The DICOM listener in OsiriX before 5.8 and before 2.5-MD, when starting up, encrypts the TLS private key file using "SuperSecretPassword" as the hardcoded password, which allows local users to obtain the private key.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Osirix-Viewer | Osirix | <= 5.7 |
| Osirix-Viewer | Osirix Md | <= 2.7 |
References
- http://archives.neohapsis.com/archives/bugtraq/2013-11/0029.html
- http://osvdb.org/99518
- http://www.securityfocus.com/bid/63566
- https://exchange.xforce.ibmcloud.com/vulnerabilities/88606
FAQ
What is CVE-2013-4425?
CVE-2013-4425 is a vulnerability with a CVSS score of 1.9 (LOW). The DICOM listener in OsiriX before 5.8 and before 2.5-MD, when starting up, encrypts the TLS private key file using "SuperSecretPassword" as the hardcoded password, which allows local users to obtain...
How severe is CVE-2013-4425?
CVE-2013-4425 has been rated LOW with a CVSS base score of 1.9/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2013-4425?
Check the references section above for vendor advisories and patch information. Affected products include: Osirix-Viewer Osirix, Osirix-Viewer Osirix Md.