Difference between revisions of "Critical Security Fix for OpenEMR setup.php"

Revision as of 06:37, 30 November 2017

In November of 2017, there were 2 critical security vulnerabilities reported in OpenEMR before 5.0.0 Patch 5 .

Details of the first vulnerability can be found here: https://nvd.nist.gov/vuln/detail/CVE-2017-16540
And details of the second vulnerability (it also does a nice job covering the first vulnerability): https://www.helpnetsecurity.com/2017/11/29/openemr-flaw-medical-records-exposed/

In order to protect yourself from this vulnerability:

Update to the most recent patch via following instructions: OpenEMR Patches
Remove the setup.php file from the openemr web directory (if you need this file in the future, then can download it at setup.php).

@@ Line 1: / Line 1: @@
+== Overview ==
 :In November of 2017, there were 2 critical security vulnerabilities reported in OpenEMR before 5.0.0 Patch 5 .
 :*Details of the first vulnerability can be found here: https://nvd.nist.gov/vuln/detail/CVE-2017-16540
 :*And details of the second vulnerability (it also does a nice job covering the first vulnerability): https://www.helpnetsecurity.com/2017/11/29/openemr-flaw-medical-records-exposed/
+== Secure Your OpenEMR ==
 :In order to protect yourself from this vulnerability:
 ::*If using OpenEMR 5.0.0:
@@ Line 9: / Line 11: @@
 ::*If using OpenEMR 4.2.2 or lower:
 :::#Remove the setup.php file from the openemr web directory.
+== OpenEMR Community Response ==
+: