Hard-coded plaintext administrator password in the Medhost medical system

The Medhost system "Perioperative Information Management" (also known as PIMS or VPIMS), which helps manage patient health information, has contained serious "shortcomings" since the application was designed. All versions of the Medhost software before 2015R1 contain (CVE-2016-4328) hard-coded, plaintext administrator credentials (login and password: "dms") used to connect to the PostgreSQL database, which holds the entered patient documentation. In short, this means that an attacker who acquires the login information can remotely access the Apache Solr server, which by default runs on TCP port 8080, and gain access to very sensitive information.
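As a defensive check for the first issue, the following added example (not code from Medhost or from the vulnerability report) correlates PostgreSQL connection log entries by backend PID and flags logins by the "dms" account from hosts outside an allowlist. It assumes `log_connections` is enabled and that the log prefix contains `[pid]`; the allowlist, the function names and the sample log lines, including the database name, are constructed for illustration.

```python
import ipaddress
import re
# Account name taken from the article (CVE-2016-4328); extend as needed.
DEFAULT_ACCOUNTS = {"dms"}
# Assumption: only the application server itself (loopback) should use it.
ALLOWED_SOURCES = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("::1/128")]
RECEIVED = re.compile(r"\[(\d+)\] LOG:\s+connection received: host=(\S+)")
AUTHORIZED = re.compile(r"\[(\d+)\] LOG:\s+connection authorized: user=(\S+) database=(\S+)")

def is_allowed(host):
    if host == "[local]":  # Unix-socket connection
        return True
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # hostname or missing source: treat as untrusted
    return any(addr in net for net in ALLOWED_SOURCES)

def find_default_account_logins(lines):
    """Return (pid, host, user, database) for default-account logins from unexpected hosts."""
    host_by_pid = {}
    alerts = []
    for line in lines:
        m = RECEIVED.search(line)
        if m:
            host_by_pid[m.group(1)] = m.group(2)
            continue
        m = AUTHORIZED.search(line)
        if m:
            pid, user, db = m.groups()
            host = host_by_pid.pop(pid, "unknown")  # PIDs are reused, so forget them
            if user in DEFAULT_ACCOUNTS and not is_allowed(host):
                alerts.append((pid, host, user, db))
    return alerts

# Constructed sample log lines (not from a real system).
SAMPLE_LOG = """\
2024-05-01 08:00:01.120 UTC [4101] LOG:  connection received: host=127.0.0.1 port=40112
2024-05-01 08:00:01.131 UTC [4101] LOG:  connection authorized: user=dms database=exampledb
2024-05-01 08:03:44.007 UTC [4177] LOG:  connection received: host=192.0.2.45 port=51820
2024-05-01 08:03:44.019 UTC [4177] LOG:  connection authorized: user=dms database=exampledb
2024-05-01 08:05:10.500 UTC [4190] LOG:  connection received: host=192.0.2.45 port=51901
2024-05-01 08:05:10.512 UTC [4190] LOG:  connection authorized: user=report database=exampledb
""".splitlines()

if __name__ == "__main__":
    for pid, host, user, db in find_default_account_logins(SAMPLE_LOG):
        print(f"ALERT pid={pid} user={user} db={db} from {host}")
```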

The second vulnerability (CVE-2017-11614) affects Medhost Connex, an electronic vaccine registry. The database user's credentials are hard-coded in many places in the application: the username is HMSCXPDN, and the password has not been published by the discoverer of the vulnerability. Unfortunately, customers cannot change these credentials: they are set to the same values for everyone during installation. Interestingly, customers who do not use Medhost Connex are equally vulnerable, because the installer creates the account for Medhost Connex anyway. An attacker who gains access to the database tables can modify confidential patient data and financial information.

Medhost was founded 30 years ago. One would expect such long experience to come with care for digital security. I think someone "forgot" about the audit. Devices and systems for the medical industry should not have such incidents, but they do happen. Cases of support for commercial and specialist software being abandoned just a few years after winning the tender are not uncommon.

Medhost clients are advised to migrate to alternative systems.


