Difference between revisions of "Critical Security Fix for OpenEMR setup.php"

From OpenEMR Project Wiki
(Created page with ":In November of 2017, there were 2 critical security vulnerabilities reported in OpenEMR before 5.0.0 Patch 5 . :*Details of the first vulnerability can be found here: https://nv...")
 
Line 1: Line 1:
== Overview ==
:In November of 2017, there were 2 critical security vulnerabilities reported in OpenEMR before 5.0.0 Patch 5.
:*Details of the first vulnerability can be found here: https://nvd.nist.gov/vuln/detail/CVE-2017-16540
:*And details of the second vulnerability (it also does a nice job covering the first vulnerability): https://www.helpnetsecurity.com/2017/11/29/openemr-flaw-medical-records-exposed/


== Secure Your OpenEMR ==
:In order to protect yourself from this vulnerability:
::*If using OpenEMR 5.0.0:
Line 9: Line 11:
::*If using OpenEMR 4.2.2 or lower:
:::#Remove the setup.php file from the openemr web directory.
== OpenEMR Community Response ==
:

Revision as of 06:37, 30 November 2017

Overview

In November of 2017, there were 2 critical security vulnerabilities reported in OpenEMR before 5.0.0 Patch 5.

Secure Your OpenEMR

In order to protect yourself from this vulnerability:
  • If using OpenEMR 5.0.0:
  1. Update to the most recent patch by following the instructions at: OpenEMR Patches
  2. Remove the setup.php file from the openemr web directory (if you need this file in the future, you can download it at setup.php).
  • If using OpenEMR 4.2.2 or lower:
  1. Remove the setup.php file from the openemr web directory.
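
One way to carry out and verify the removal step from a server shell, as an added example that is not part of the original wiki page or OpenEMR's own tooling. The function name, the quarantine directory and the directory arguments are assumptions; the script moves setup.php out of each listed web directory and then confirms it is gone.

```shell
#!/bin/sh
# Added example (not OpenEMR project code).
# quarantine_setup_php QUARANTINE_DIR OPENEMR_DIR...
#   QUARANTINE_DIR: assumed to be a directory the web server does NOT serve.
#   OPENEMR_DIR:    one or more openemr web directories to check.
# Returns 0 when no setup.php remains in any listed directory, 1 otherwise.
quarantine_setup_php() {
    qdir=$1
    shift
    # Keep the quarantined copies readable by the owner only.
    mkdir -p "$qdir" && chmod 700 "$qdir" || return 1
    status=0
    for dir in "$@"; do
        target="$dir/setup.php"
        if [ -L "$target" ]; then
            # A symlink named setup.php is still reachable: drop the link itself.
            rm -f -- "$target"
        elif [ -f "$target" ]; then
            # Tag the copy with the install path so several installs do not collide.
            tag=$(printf '%s' "$dir" | tr '/' '_')
            mv -- "$target" "$qdir/setup.php.$tag" && chmod 600 "$qdir/setup.php.$tag"
        fi
        # Verify: the file must no longer exist in the web directory.
        if [ -e "$target" ] || [ -L "$target" ]; then
            echo "STILL PRESENT: $target" >&2
            status=1
        else
            echo "ok: no setup.php in $dir"
        fi
    done
    return $status
}

# Example call (both paths are placeholders for your own layout):
#   quarantine_setup_php /root/openemr-quarantine /var/www/html/openemr
```

A non-zero return means at least one directory still contains setup.php, usually because of file permissions, and should be followed up by hand.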

OpenEMR Community Response