CVE-2023-54347
Published: 05 May 2026
Summary
CVE-2023-54347 is a high-severity Improper Restriction of Excessive Authentication Attempts (CWE-307) vulnerability in OpenEMR. The summary lists a CVSS base score of 8.7 (High); note that the CVSS v3.1 vector quoted in the deeper analysis below scores 7.5, so check which CVSS version your scoring policy uses before prioritising.
Operationally, exploitation maps to the MITRE ATT&CK technique Brute Force (T1110). It ranks at the 41.2nd percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-7 (Unsuccessful Logon Attempts) and AU-12 (Audit Record Generation).
Deeper analysis
CVE-2023-54347 is an authentication brute force vulnerability in OpenEMR version 7.0.1. The flaw allows attackers to bypass rate limiting protections on the main login endpoint by sending repeated POST requests containing authUser and clearPass parameters. This enables systematic testing of username and password combinations without triggering account lockout restrictions. The vulnerability is rated with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) and is associated with CWE-307 (Improper Restriction of Excessive Authentication Attempts).
Remote attackers require no privileges or user interaction to exploit this issue over the network with low complexity. By submitting multiple login attempts, they can brute force credentials to gain unauthorized access to the application, potentially compromising sensitive patient data due to the high confidentiality impact.
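To make the enforcement gap concrete, the following is an added Python simulation; it is not OpenEMR code and not the referenced proof-of-concept. It places a login gate that checks every authUser/clearPass submission, however many have already failed, beside an AC-7 style gate that locks the account and the source address after a run of consecutive failures. The credential store, wordlist, thresholds, and IP addresses are constructed for the demo.

```python
"""Simulated login gate: the unlimited-attempt behaviour the advisory describes
beside an AC-7 style consecutive-failure lockout.
Added example, not OpenEMR code; the user store, thresholds and addresses are
constructed for the demo."""
import hashlib
import hmac
import time
from collections import defaultdict

# Constructed credential store: username -> PBKDF2 hash. The iteration count is
# kept low only so the demo runs quickly; use a production-grade setting for real.
_SALT = b"constructed-demo-salt"
_ITERATIONS = 10_000


def _hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, _ITERATIONS)


USERS = {"admin": _hash("correct horse battery staple")}


def check_password(user: str, password: str) -> bool:
    stored = USERS.get(user)
    if stored is None:
        _hash(password)  # same work for unknown users, so timing does not leak existence
        return False
    return hmac.compare_digest(stored, _hash(password))


class VulnerableLogin:
    """Every POST carrying authUser/clearPass reaches the password check,
    however many have already failed: the pattern CVE-2023-54347 describes."""

    def attempt(self, auth_user: str, clear_pass: str, src_ip: str) -> bool:
        return check_password(auth_user, clear_pass)


class LockoutLogin:
    """AC-7 style gate: MAX_FAILURES consecutive failures within WINDOW seconds
    lock both the account and the source address for LOCKOUT seconds. While
    locked the password is not checked at all, and every refusal is audited."""
    MAX_FAILURES = 5
    WINDOW = 300.0
    LOCKOUT = 900.0

    def __init__(self, clock=time.monotonic):
        self.clock = clock                  # injectable so lock expiry can be tested
        self.failures = defaultdict(list)   # key -> recent failure timestamps
        self.locked_until = {}              # key -> time the lock expires
        self.audit = []                     # (time, user, src, outcome) per refusal

    def attempt(self, auth_user: str, clear_pass: str, src_ip: str) -> bool:
        now = self.clock()
        keys = (f"user:{auth_user}", f"ip:{src_ip}")
        if any(self.locked_until.get(k, 0.0) > now for k in keys):
            self.audit.append((now, auth_user, src_ip, "LOCKED"))
            return False
        if check_password(auth_user, clear_pass):
            for k in keys:
                self.failures.pop(k, None)  # a success resets the counter
            return True
        self.audit.append((now, auth_user, src_ip, "FAIL"))
        for k in keys:
            recent = [t for t in self.failures[k] if now - t <= self.WINDOW]
            recent.append(now)
            self.failures[k] = recent
            if len(recent) >= self.MAX_FAILURES:
                self.locked_until[k] = now + self.LOCKOUT
        return False


def brute_force(gate, user: str, wordlist, src_ip: str = "203.0.113.7"):
    """Replay a wordlist against a gate. Returns (password_found_or_None, attempts_sent)."""
    for n, guess in enumerate(wordlist, start=1):
        if gate.attempt(user, guess, src_ip):
            return guess, n
    return None, len(wordlist)


# Constructed wordlist; the real password sits after the lockout threshold on purpose.
WORDLIST = ["password", "123456", "letmein", "admin", "welcome", "qwerty",
            "correct horse battery staple"]


def demo():
    """Same wordlist against both gates: the vulnerable gate yields the password,
    the lockout gate refuses attempts 6 and 7 without ever checking them."""
    return (brute_force(VulnerableLogin(), "admin", WORDLIST),
            brute_force(LockoutLogin(), "admin", WORDLIST))


if __name__ == "__main__":
    vulnerable, hardened = demo()
    print("no lockout:", vulnerable)
    print("AC-7 lockout:", hardened)
```

Keying the lock on both the account and the source address matters: locking only on the account lets one source spray many accounts, and locking only on the source lets a distributed attacker keep hammering one account. Keep the lockout window short enough that the control itself cannot be turned into an easy denial of service against legitimate staff.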
Advisories and resources, including the Vulncheck advisory on the authentication brute force mitigation bypass, an Exploit-DB proof-of-concept (exploit 51413), the official OpenEMR website, and the v7.0.1 source tarball on GitHub, provide further details for assessment and remediation. Security practitioners should review these for patch availability and mitigation guidance.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-60570
Vulnerability details
OpenEMR 7.0.1 contains an authentication brute force vulnerability that allows attackers to bypass rate limiting protections by sending repeated login attempts to the main login endpoint. Attackers can submit POST requests with authUser and clearPass parameters to systematically test username and password combinations without account lockout restrictions.
- CWE(s): CWE-307 Improper Restriction of Excessive Authentication Attempts
Related Threats
MITRE ATT&CK Enterprise Techniques
- Brute Force (T1110)
Why these techniques?
Vulnerability directly enables brute-force credential guessing by bypassing rate limiting on the login endpoint.
Affected Assets
- OpenEMR 7.0.1
Mitigating Controls (NIST 800-53 r5)
- AC-7 (Unsuccessful Logon Attempts): directly enforces a limit on consecutive unsuccessful logon attempts, with automatic account lockout or a delay, so the login endpoint cannot be used for unbounded credential guessing.
- SC-5 (Denial-of-Service Protection): implements rate limiting specifically on authentication endpoints to restrict excessive repeated login requests from a source.
- AU-12 (Audit Record Generation): mandates audit records for unsuccessful logon attempts, which is what makes systematic brute force credential testing detectable after the fact.
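The AU-12 control only pays off if someone reads the records. As an added example, not OpenEMR code and not its real log format, the Python below runs three detections over constructed failed-logon records of the kind that control produces: a burst of failures from one source within a sliding window, a success from that same source after the burst (the signal that the guessing worked), and password spraying across many accounts. The line format, thresholds, account names, and addresses are all constructed for the demo.

```python
"""Detection over audit records of unsuccessful logons (AU-12): bursts of
failures from one source, a success that follows a burst, and password
spraying across many accounts.
Added example, not OpenEMR code; the log line format and sample events are
constructed for the demo."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\S+) login result=(?P<result>OK|FAIL) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample: one source hammering 'admin' until it gets in, one
# spraying six accounts once each, and one legitimate user who mistypes twice.
SAMPLE_LOG = "\n".join(
    [f"2026-05-05T10:00:0{i}Z login result=FAIL user=admin src=203.0.113.7"
     for i in range(1, 9)]
    + ["2026-05-05T10:00:09Z login result=OK user=admin src=203.0.113.7"]
    + [f"2026-05-05T10:01:0{i}Z login result=FAIL user={u} src=198.51.100.5"
       for i, u in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"])]
    + ["2026-05-05T10:02:00Z login result=FAIL user=nurse1 src=192.0.2.10",
       "2026-05-05T10:02:05Z login result=FAIL user=nurse1 src=192.0.2.10",
       "2026-05-05T10:02:10Z login result=OK user=nurse1 src=192.0.2.10"]
)


def parse(text: str):
    """Parse matching lines into dicts with a real datetime; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(e)
    return events


def detect(events, threshold=5, window=timedelta(minutes=5), spray_users=4):
    """Return (kind, src, detail) alerts, ordered by source and then by time."""
    by_src = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_src[e["src"]].append(e)
    alerts = []
    for src, evs in sorted(by_src.items()):
        recent = []             # failure timestamps inside the sliding window
        burst_reported = False
        for e in evs:
            if e["result"] == "FAIL":
                recent = [t for t in recent if e["ts"] - t <= window] + [e["ts"]]
                if len(recent) >= threshold and not burst_reported:
                    burst_reported = True
                    alerts.append(("burst", src, len(recent)))
            elif burst_reported:
                # A success after a guessing burst is the highest-priority
                # signal: the attacker is probably in.
                alerts.append(("success_after_burst", src, e["user"]))
        targeted = {e["user"] for e in evs if e["result"] == "FAIL"}
        if len(targeted) >= spray_users:
            alerts.append(("spray", src, len(targeted)))
    return alerts


if __name__ == "__main__":
    for alert in detect(parse(SAMPLE_LOG)):
        print(alert)
```

The two-failure legitimate user produces no alert, which is the tuning point in practice: set the burst threshold above what real staff generate and lower than the lockout threshold you enforce, so detection fires before the attacker has exhausted a meaningful slice of the wordlist.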