CVE Alert

CVE-2023-54347

HIGH 7.5

OpenEMR 7.0.1 Authentication Brute Force Mitigation Bypass

CVSS Score: 7.5
EPSS Score: 0.0%
EPSS Percentile: 0th

OpenEMR 7.0.1 contains an authentication brute force vulnerability that allows attackers to bypass rate limiting protections by sending repeated login attempts to the main login endpoint. Attackers can submit POST requests with authUser and clearPass parameters to systematically test username and password combinations without account lockout restrictions.

CWE: CWE-307
Vendor: open-emr
Product: openemr
Published: May 5, 2026

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

Affected Versions

Open-Emr / OpenEMR: 7.0.1

References

exploit-db.com: https://www.exploit-db.com/exploits/51413
open-emr.org: https://www.open-emr.org/
github.com: https://github.com/openemr/openemr/archive/refs/tags/v7_0_1.tar.gz
vulncheck.com: https://www.vulncheck.com/advisories/openemr-authentication-brute-force-mitigation-bypass

Credits

abhhi (Abhishek Birdawade)