CVE-2023-54347 PUBLISHED

OpenEMR 7.0.1 Authentication Brute Force Mitigation Bypass

Assigner: VulnCheck
Reserved: 10.01.2026 Published: 05.05.2026 Updated: 05.05.2026

OpenEMR 7.0.1 contains an authentication brute-force vulnerability: the rate-limiting protections on the main login endpoint can be bypassed by simply sending repeated login attempts to it. An attacker can submit POST requests carrying the authUser and clearPass parameters and systematically test username and password combinations, because no account lockout is enforced against the repeated failures (CWE-307).
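The following is an added illustration, not OpenEMR code or the vendor's fix: a minimal login handler that evaluates every request with no attempt accounting (the pattern the advisory describes), beside a CWE-307 mitigation that counts failures per account and per source IP in a sliding window and locks out after a threshold. The parameter names authUser and clearPass come from the advisory; the user store, thresholds, IP address and password list are constructed for the demonstration.

```python
"""Added example (not OpenEMR code): unthrottled login next to a
CWE-307 lockout guard, replayed against a constructed password list."""
import hashlib
import hmac
import time
from collections import defaultdict, deque

# Constructed user store: username -> (salt, PBKDF2 hash). Not OpenEMR's schema.
_SALT = b"constructed-salt"


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


USERS = {"admin": (_SALT, _hash("Correct-Horse-42", _SALT))}


def verify_credentials(auth_user: str, clear_pass: str) -> bool:
    """Credential check only; parameter names mirror the advisory's POST fields."""
    entry = USERS.get(auth_user)
    if entry is None:
        _hash(clear_pass, _SALT)  # same cost for unknown users (no timing oracle)
        return False
    salt, stored = entry
    return hmac.compare_digest(_hash(clear_pass, salt), stored)


def login_unthrottled(auth_user: str, clear_pass: str, client_ip: str) -> str:
    """Vulnerable pattern: every attempt is evaluated, nothing is counted."""
    return "ok" if verify_credentials(auth_user, clear_pass) else "denied"


class LoginGuard:
    """Sliding-window failure counter keyed by account AND by source IP.

    After `max_failures` failures within `window` seconds, further attempts
    on that key (even with the right password) return "locked" for
    `lockout` seconds. `clock` is injectable so the behaviour is testable.
    """

    def __init__(self, max_failures=5, window=300, lockout=900, clock=time.monotonic):
        self.max_failures = max_failures
        self.window = window
        self.lockout = lockout
        self.clock = clock
        self._failures = defaultdict(deque)  # key -> timestamps of failures
        self._locked_until = {}              # key -> clock time lock expires

    def _is_locked(self, key: str, now: float) -> bool:
        until = self._locked_until.get(key)
        if until is None:
            return False
        if now >= until:  # lock expired: forget it and its failure history
            del self._locked_until[key]
            self._failures[key].clear()
            return False
        return True

    def _record_failure(self, key: str, now: float) -> None:
        q = self._failures[key]
        q.append(now)
        while q and now - q[0] > self.window:  # drop failures outside window
            q.popleft()
        if len(q) >= self.max_failures:
            self._locked_until[key] = now + self.lockout

    def login(self, auth_user: str, clear_pass: str, client_ip: str) -> str:
        now = self.clock()
        keys = (f"user:{auth_user}", f"ip:{client_ip}")
        if any(self._is_locked(k, now) for k in keys):
            return "locked"
        if verify_credentials(auth_user, clear_pass):
            for k in keys:
                self._failures[k].clear()
            return "ok"
        for k in keys:
            self._record_failure(k, now)
        return "denied"


# Constructed guess list: five wrong passwords, then the right one.
WORDLIST = ["password", "admin", "letmein", "Welcome1", "123456", "Correct-Horse-42"]


def simulate(handler, wordlist, attacker_ip="203.0.113.7"):
    """Replay a brute-force run against 'admin'; return one outcome per attempt."""
    return [handler("admin", pw, attacker_ip) for pw in wordlist]


if __name__ == "__main__":
    print("unthrottled:", simulate(login_unthrottled, WORDLIST))
    guard = LoginGuard()
    print("guarded:    ", simulate(guard.login, WORDLIST))
```

Against the unthrottled handler the sixth guess succeeds; against the guard the fifth failure locks both the account key and the IP key, so the correct password on the sixth attempt is refused until the lockout expires. Keying on the account alone would let an attacker lock legitimate users out at will, and keying on the IP alone is defeated by distributing the attempts, which is why the guard tracks both. The page does not describe how OpenEMR itself mitigated the issue, so this guard is only a generic reference for the control that was missing.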

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
CVSS Score: 8.7

Product Status

Vendor Open-Emr
Product OpenEMR
Versions
  • Version 7.0.1 is affected

Credits

  • abhhi (Abhishek Birdawade) finder

References

Problem Types

  • CWE-307: Improper Restriction of Excessive Authentication Attempts