CVE-2010-5308
Summary
| CVE | CVE-2010-5308 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2015-08-04 14:59:00 UTC |
| Updated | 2015-08-05 11:31:00 UTC |
| Description | GE Healthcare Optima MR360 does not require authentication for the HIPAA emergency login procedure, which allows physically proximate users to gain access via an arbitrary username in the Emergency Login screen. NOTE: this might not qualify for inclusion in CVE if unauthenticated emergency access is part of the intended security policy of the product, can be controlled by the system administrator, and is not enabled by default. |
Risk And Classification
Problem Types: CWE-255
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Gehealthcare | Optima Mr360 Firmware | - | All | All | All |
| Operating System | Gehealthcare | Optima Mr360 Firmware | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Marketplace-US Marketplace Home | GE Healthcare | CONFIRM | apps.gehealthcare.com | |
| Vulnerable Breasts And Brains? Cancer Scan Tech Has Terrible Password Security | MISC | www.forbes.com | |
| Dale Peterson on Twitter: "Funny slide with GE default password word cloud. Go bigguy! #Shakacon http://t.co/t1dcIziQza" | MISC | twitter.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.