CVE-2013-4425

The DICOM listener in OsiriX before 5.8 and before 2.5-MD, when starting up, encrypts the TLS private key file using "SuperSecretPassword" as the hardcoded password, which allows local users to obtain the private key.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
1.9 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:P/I:N/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 17%
VendorProductVersion
osirix-viewerosirix
𝑥
≤ 5.7
osirix-viewerosirix
0.2
osirix-viewerosirix
1.0
osirix-viewerosirix
1.1
osirix-viewerosirix
1.1.2
osirix-viewerosirix
1.2
osirix-viewerosirix
1.3
osirix-viewerosirix
1.4
osirix-viewerosirix
1.5
osirix-viewerosirix
1.5.1
osirix-viewerosirix
1.5.2
osirix-viewerosirix
1.6
osirix-viewerosirix
1.6.2
osirix-viewerosirix
1.6.3
osirix-viewerosirix
1.6.4
osirix-viewerosirix
1.6.5
osirix-viewerosirix
1.7
osirix-viewerosirix
1.7.1
osirix-viewerosirix
2.0
osirix-viewerosirix
2.1
osirix-viewerosirix
2.2
osirix-viewerosirix
2.3
osirix-viewerosirix
2.3.1
osirix-viewerosirix
2.4
osirix-viewerosirix
2.5
osirix-viewerosirix
2.6
osirix-viewerosirix
2.7.5
osirix-viewerosirix
3.0
osirix-viewerosirix
3.1
osirix-viewerosirix
3.2.1
osirix-viewerosirix
3.3
osirix-viewerosirix
3.5
osirix-viewerosirix
3.6
osirix-viewerosirix
3.7.1
osirix-viewerosirix
3.8.1
osirix-viewerosirix
3.9.4
osirix-viewerosirix
4.0
osirix-viewerosirix
4.1.2
osirix-viewerosirix
5.0.2
osirix-viewerosirix
5.5.2
osirix-viewerosirix
5.6
osirix-viewerosirix_md
𝑥
≤ 2.7
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://archives.neohapsis.com/archives/bugtraq/2013-11/0029.html
http://osvdb.org/99518
http://www.securityfocus.com/bid/63566
https://exchange.xforce.ibmcloud.com/vulnerabilities/88606
http://archives.neohapsis.com/archives/bugtraq/2013-11/0029.html
http://osvdb.org/99518
http://www.securityfocus.com/bid/63566
https://exchange.xforce.ibmcloud.com/vulnerabilities/88606