Vulnerabilities Found in OpenEMR During Penetration Testing

🩺🔍 Healthcare Penetration Testing Reveals Vulnerabilities in OpenEMR. A recent write-up in the Healthcare Penetration Testing series details the exploitation of vulnerabilities in a healthcare environment using a medium-difficulty Linux machine named Cache. The analysis uncovered an SQL injection vulnerability in an OpenEMR instance, allowing attackers to retrieve hashed passwords and exploit a Remote Command Execution (RCE) flaw. Additionally, credentials for a system user were found in a JavaScript file, enabling further access through Docker. The report emphasizes the importance of upgrading OpenEMR, implementing access controls, and conducting regular security assessments to mitigate risks associated with sensitive medical information. The patient data used in the report is fictitious and intended for educational purposes only.

Source

Original