Hardcoded credentials

2015-08-0414:59:00

PRIOn knowledge base

www.prio-n.com

7.5 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.6%

JSON

The TeraRecon server, as used in GE Healthcare Centricity PACS-IW 3.7.3.7, 3.7.3.8, and possibly other versions, has a password of (1) shared for the shared user and (2) scan for the scan user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.

CPENameOperatorVersion
centricity_pacs-iweq3.7.3.8
centricity_pacs-iweq3.7.3.7

CPE	Name	Operator	Version
	centricity_pacs-iw	eq	3.7.3.8
	centricity_pacs-iw	eq	3.7.3.7

References

apps.gehealthcare.com/servlet/ClientServlet/3.7.3.7+Installation+Guide.pdf?REQ=RAA&DIRECTION=DOC0947634&FILENAME=3.7.3.7%2BInstallation%2BGuide.pdf&FILEREV=1&DOCREV_ORG=1

apps.gehealthcare.com/servlet/ClientServlet/3.7.3.8+Installation+guide.pdf?REQ=RAA&DIRECTION=DOC1059456&FILENAME=3.7.3.8%2BInstallation%2Bguide.pdf&FILEREV=1&DOCREV_ORG=1

www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/

twitter.com/digitalbond/status/619250429751222277