CVE-2013-4425

Severity CVSS v4.0:

Pending analysis

Type:

CWE-255 Credentials Management

Publication date:

18/11/2013

Last modified:

11/04/2025

Description

The DICOM listener in OsiriX before 5.8 and before 2.5-MD, when starting up, encrypts the TLS private key file using "SuperSecretPassword" as the hardcoded password, which allows local users to obtain the private key.

Impact

Vector 2.0

AV:L/AC:M/Au:N/C:P/I:N/A:N CVSS v2.0 Severity and Metrics:

Base Score: 1.90 LOW
Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Attack Vector (AV): Local
Attack Complexity (AC): Medium
Authentication (Au): None
Confidentiality (C): Physical
Integrity (I): None
Availability (A): None

Base Score 2.0

1.90

Severity 2.0

LOW

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:a:osirix-viewer:osirix::::::::		5.7 (including)
cpe:2.3:a:osirix-viewer:osirix:0.2:::::::*
cpe:2.3:a:osirix-viewer:osirix:1.0:::::::*
cpe:2.3:a:osirix-viewer:osirix:1.1:::::::*
cpe:2.3:a:osirix-viewer:osirix:1.1.2:::::::*
cpe:2.3:a:osirix-viewer:osirix:1.2:::::::*
cpe:2.3:a:osirix-viewer:osirix:1.3:::::::*
cpe:2.3:a:osirix-viewer:osirix:1.4:::::::*
cpe:2.3:a:osirix-viewer:osirix:1.5:::::::*
cpe:2.3:a:osirix-viewer:osirix:1.5.1:::::::*
cpe:2.3:a:osirix-viewer:osirix:1.5.2:::::::*
cpe:2.3:a:osirix-viewer:osirix:1.6:::::::*
cpe:2.3:a:osirix-viewer:osirix:1.6.2:::::::*
cpe:2.3:a:osirix-viewer:osirix:1.6.3:::::::*
cpe:2.3:a:osirix-viewer:osirix:1.6.4:::::::*

To consult the complete list of CPE names with products and versions, see this page

CPE	From	Up to
cpe:2.3:a:osirix-viewer:osirix::::::::		5.7 (including)
cpe:2.3:a:osirix-viewer:osirix:0.2:::::::*
cpe:2.3:a:osirix-viewer:osirix:1.0:::::::*
cpe:2.3:a:osirix-viewer:osirix:1.1:::::::*
cpe:2.3:a:osirix-viewer:osirix:1.1.2:::::::*
cpe:2.3:a:osirix-viewer:osirix:1.2:::::::*
cpe:2.3:a:osirix-viewer:osirix:1.3:::::::*
cpe:2.3:a:osirix-viewer:osirix:1.4:::::::*
cpe:2.3:a:osirix-viewer:osirix:1.5:::::::*
cpe:2.3:a:osirix-viewer:osirix:1.5.1:::::::*
cpe:2.3:a:osirix-viewer:osirix:1.5.2:::::::*
cpe:2.3:a:osirix-viewer:osirix:1.6:::::::*
cpe:2.3:a:osirix-viewer:osirix:1.6.2:::::::*
cpe:2.3:a:osirix-viewer:osirix:1.6.3:::::::*
cpe:2.3:a:osirix-viewer:osirix:1.6.4:::::::*

CVE-2013-4425

Description

Impact

Vulnerable products and versions

References to Advisories, Solutions, and Tools