Cyber Resilience

CVE-2023-54347

High · Public PoC

Published: 05 May 2026

Modified: 05 May 2026
CVSS v4.0 score: 8.7 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS score: 0.0054 (41.2nd percentile)
Risk priority: 55 (floored blend, peak EPSS)

Summary

CVE-2023-54347 is a high-severity Improper Restriction of Excessive Authentication Attempts (CWE-307) vulnerability in Open-Emr Openemr. Its CVSS v4.0 base score is 8.7 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Brute Force (T1110). EPSS ranks it at the 41.2nd percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-7 (Unsuccessful Logon Attempts) and AU-12 (Audit Record Generation).

Deeper analysis

CVE-2023-54347 is an authentication brute force vulnerability in OpenEMR version 7.0.1. The flaw allows attackers to bypass rate limiting protections on the main login endpoint by sending repeated POST requests containing authUser and clearPass parameters. This enables systematic testing of username and password combinations without triggering account lockout restrictions. The vulnerability is rated with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) and is associated with CWE-307 (Improper Restriction of Excessive Authentication Attempts).

Remote attackers require no privileges or user interaction to exploit this issue over the network with low complexity. By submitting multiple login attempts, they can brute force credentials to gain unauthorized access to the application, potentially compromising sensitive patient data due to the high confidentiality impact.

Advisories and resources, including the Vulncheck advisory on the authentication brute force mitigation bypass, an Exploit-DB proof-of-concept (exploit 51413), the official OpenEMR website, and the v7.0.1 source tarball on GitHub, provide further details for assessment and remediation. Security practitioners should review these for patch availability and mitigation guidance.

Vulnerability details

OpenEMR 7.0.1 contains an authentication brute force vulnerability that allows attackers to bypass rate limiting protections by sending repeated login attempts to the main login endpoint. Attackers can submit POST requests with authUser and clearPass parameters to systematically test username and password combinations without account lockout restrictions.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1110 Brute Force (Credential Access)
Adversaries may use brute force techniques to gain access to accounts when passwords are unknown or when password hashes are obtained.
T1110.001 Password Guessing (Credential Access)
Adversaries with no prior knowledge of legitimate credentials within the system or environment may guess passwords to attempt access to accounts.
Why these techniques?

The vulnerability directly enables brute-force credential guessing by bypassing rate limiting on the login endpoint.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

Other CVEs in the same product (Open-Emr Openemr):
CVE-2026-24848
CVE-2025-29789
CVE-2026-32127
CVE-2026-33910
CVE-2025-69231
CVE-2026-33914
CVE-2013-10044
CVE-2026-34056
CVE-2026-33301
CVE-2026-32121

Affected Assets

Vendor: open-emr
Product: openemr
Version: 7.0.1

Mitigating Controls (NIST 800-53 r5, AI)

prevent (AC-7, Unsuccessful Logon Attempts): Directly enforces limits on consecutive unsuccessful logon attempts with automatic account lockouts or delays, preventing brute force exploitation of the login endpoint.

prevent: Implements denial-of-service protections such as rate limiting specifically on authentication endpoints to restrict excessive repeated login requests.

detect (AU-12, Audit Record Generation): Mandates generation of audit records for unsuccessful logon attempts, allowing detection of systematic brute force credential testing.
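As an added detection example (not code from this advisory or from the OpenEMR project), the audit-record control above can be operationalised by scanning web-server access logs for bursts of login-form POSTs from a single source within a sliding window. The log lines are constructed, and the `/login` path and the assumption that a failed login re-renders the form with HTTP 200 are placeholders, not details taken from this page.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumptions (not from the advisory): "/login" stands in for the real login
# endpoint, and failed logins return HTTP 200, so attempts are counted per source.
LOGIN_PATH = "/login"
WINDOW_SECONDS = 60
THRESHOLD = 10  # login POSTs from one source inside the window before alerting

# Constructed sample access log (combined format): one source hammering the
# login form every two seconds, one benign user logging in once.
SAMPLE_LOG = "\n".join(
    [f'203.0.113.5 - - [05/May/2026:10:00:{i:02d} +0000] "POST /login HTTP/1.1" 200 512'
     for i in range(0, 24, 2)]
    + ['198.51.100.7 - - [05/May/2026:10:00:05 +0000] "POST /login HTTP/1.1" 302 0',
       '198.51.100.7 - - [05/May/2026:10:00:06 +0000] "GET /home HTTP/1.1" 200 2048']
)

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def parse(line):
    """Return (ip, timestamp, method, path, status) or None for unparsable lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"], int(m["status"])

def detect_bursts(log_text, window=WINDOW_SECONDS, threshold=THRESHOLD):
    """Map each source IP that reached `threshold` login POSTs within any sliding window to its peak count."""
    recent = defaultdict(deque)  # ip -> timestamps of login POSTs still inside the window
    alerts = {}
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ip, ts, method, path, _status = rec
        if method != "POST" or path != LOGIN_PATH:
            continue
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window:  # evict timestamps older than the window
            q.popleft()
        if len(q) >= threshold:
            alerts[ip] = max(alerts.get(ip, 0), len(q))
    return alerts
```

The source at 203.0.113.5 makes twelve login POSTs in 22 seconds and is flagged; the benign user with a single POST is not.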