MEDHOST Connex contains a hard-coded Mirth Connect administrative credential that is used for customer Mirth Connect management access.
98dca02b13c0587283b1bd51d5cf1b91CVE-2017-11743
Overview
------------
MEDHOST Connex contains a hard-coded Mirth Connect admin password in
all versions. This is a new vulnerability not related to
CVE-2016-4328, CVE-2017-11614, CVE-2017-11693 or CVE-2017-11694.
Description
------------
MEDHOST Connex contains a hard-coded Mirth Connect admin credential
that is used for customer Mirth Connect management access. An attacker
with knowledge of the hard-coded credential and the ability to
communicate directly with the Mirth Connect management console may be
able to intercept sensitive patient information. The admin account
password is hard-coded throughout the application, and is the same
across all installations. Customers do not have the option to change
the Mirth Connect admin account password. The Mirth Connect admin
account is created during the Connex install. The plaintext account
password is hard-coded multiple times in the Connex install and update
scripts.
- connex-*.noarch.rpm
$ grep password connex-*.noarch.rpm
sed -i 's/^password.*/password=\$K8t1ng/'
/opt/mirthconnect/conf/mirth-cli-config.properties
Impact
------------
An attacker with knowledge of the hard-coded credential and the
ability to communicate directly with the Mirth Connect management
console may be able to obtain sensitive patient information.
Solution
------------
The vendor has not issued a patch and has been unresponsive to this
information after 3 attempts to communicate.
Restrict network access
As a general security practice, only allow connections from trusted
hosts and networks. Restricting access would prevent an attacker from
using the hard-coded database credentials from a blocked network
location.