Cyber Posture

CVE-2023-54347

High · Public PoC

Published: 05 May 2026
Modified: 05 May 2026
KEV Added:
Patch:
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0015 (35.5th percentile)
Risk Priority: 15 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Description

OpenEMR 7.0.1 contains an authentication brute force vulnerability that allows attackers to bypass rate limiting protections by sending repeated login attempts to the main login endpoint. Attackers can submit POST requests with authUser and clearPass parameters to systematically test username and password combinations without account lockout restrictions.

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-307

This control directly enforces limits on consecutive invalid logon attempts and automatic response (e.g., lockout) to prevent brute-force exploitation of authentication mechanisms.

addresses: CWE-307

Specific conditions can include excessive failed attempts, triggering stronger authentication that restricts brute-force exploitation.
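The two controls above describe the same mechanism: count consecutive failed logons per account and respond automatically once a threshold is crossed. The following is an added example of that control in Python; it is not OpenEMR's own login code. Only the form field names authUser and clearPass come from the advisory; the LoginThrottle class, its thresholds, the in-memory user store and the sample credentials are constructed for the demonstration. The weak pattern (every POST is checked, however many have already failed) is shown beside the hardened one that consults and updates the throttle.

```python
"""Per-account failed-login throttle with automatic lockout (CWE-307 control).

Added illustration, not OpenEMR code. The field names authUser and clearPass
come from the advisory; everything else here (LoginThrottle, thresholds,
the user store, the sample password) is an assumption made for the demo.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass

# Policy assumed for the demo: 5 failures within 5 minutes locks the account
# for 15 minutes. Real deployments tune these and persist state server-side.
MAX_FAILURES = 5
FAILURE_WINDOW_S = 300
LOCKOUT_S = 900


@dataclass
class AccountState:
    failures: int = 0
    window_start: float = 0.0
    locked_until: float = 0.0


class LoginThrottle:
    """Counts consecutive failed logins per account and enforces a lockout.

    Keyed on the account name rather than the source address, so attempts
    spread across many clients still accumulate against the targeted account.
    """

    def __init__(self) -> None:
        self._state: dict[str, AccountState] = {}

    def is_locked(self, account: str, now: float) -> bool:
        st = self._state.get(account)
        return st is not None and now < st.locked_until

    def record_failure(self, account: str, now: float) -> None:
        st = self._state.setdefault(account, AccountState())
        if now - st.window_start > FAILURE_WINDOW_S:
            # Previous counting window expired: start a fresh one.
            st.failures = 0
            st.window_start = now
        st.failures += 1
        if st.failures >= MAX_FAILURES:
            st.locked_until = now + LOCKOUT_S  # automatic response: lockout

    def record_success(self, account: str) -> None:
        self._state.pop(account, None)  # a good login resets the counter


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_user_store() -> dict[str, tuple[bytes, bytes]]:
    """Constructed sample store: one account 'admin' with a demo password."""
    salt = os.urandom(16)
    return {"admin": (salt, hash_password("correct horse battery", salt))}


def login_unthrottled(users: dict, form: dict) -> bool:
    """Weak pattern: the credential is checked on every POST, without limit."""
    rec = users.get(form.get("authUser", ""))
    if rec is None:
        return False
    salt, stored = rec
    return hmac.compare_digest(stored, hash_password(form.get("clearPass", ""), salt))


def login_throttled(throttle: LoginThrottle, users: dict, form: dict, now: float) -> str:
    """Hardened pattern: refuse locked accounts before testing the password,
    and feed every outcome back into the throttle. Returns 'locked',
    'denied' or 'ok'."""
    account = form.get("authUser", "")
    if throttle.is_locked(account, now):
        return "locked"
    if login_unthrottled(users, form):
        throttle.record_success(account)
        return "ok"
    throttle.record_failure(account, now)
    return "denied"


def demo() -> list[str]:
    """Five bad guesses, then the right password during and after lockout."""
    users = make_user_store()
    throttle = LoginThrottle()
    results = []
    for i in range(MAX_FAILURES):
        form = {"authUser": "admin", "clearPass": f"guess{i}"}
        results.append(login_throttled(throttle, users, form, now=float(i)))
    good = {"authUser": "admin", "clearPass": "correct horse battery"}
    results.append(login_throttled(throttle, users, good, now=10.0))             # still locked
    results.append(login_throttled(throttle, users, good, now=10.0 + LOCKOUT_S))  # lockout expired
    return results


if __name__ == "__main__":
    print(demo())
```

Running the block prints five "denied" results, one "locked" (the correct password is refused while the lockout is active) and finally "ok". Because the throttle is keyed on the account, a defender gets the same protection whether the repeated POSTs arrive from one source or many; in a real deployment the state would live in a shared store rather than process memory so that every web node sees the same counts.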

Security Summary (AI)

CVE-2023-54347 is an authentication brute force vulnerability in OpenEMR version 7.0.1. The flaw allows attackers to bypass rate limiting protections on the main login endpoint by sending repeated POST requests containing authUser and clearPass parameters. This enables systematic testing of username and password combinations without triggering account lockout restrictions. The vulnerability is rated with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) and is associated with CWE-307 (Improper Restriction of Excessive Authentication Attempts).

Remote attackers require no privileges or user interaction to exploit this issue over the network with low complexity. By submitting multiple login attempts, they can brute force credentials to gain unauthorized access to the application, potentially compromising sensitive patient data due to the high confidentiality impact.

Advisories and resources, including the Vulncheck advisory on the authentication brute force mitigation bypass, an Exploit-DB proof-of-concept (exploit 51413), the official OpenEMR website, and the v7.0.1 source tarball on GitHub, provide further details for assessment and remediation. Security practitioners should review these for patch availability and mitigation guidance.

Details

CWE(s): CWE-307 (Improper Restriction of Excessive Authentication Attempts)

Affected Products

open-emr / openemr / 7.0.1 (vendor / product / version)

References