DEXIS is a dental x-ray imaging software that manages patient records. DEXIS Imaging Suite 10 contains several hard-coded credentials allowing administrative or root access to the patient database. DEXIS Imaging Suite 10 contains several hard-coded database credentials allowing administrative or root access to the patient database. Select desired images by checking the boxes next to the image names, click on Export Images. Open the correct patient screen and click on the Import icon. Verify that the same location, “C: dexis temp” is listed in the “from” box. Click on the file name(s), click on Import Selected, click Done. Your Windows computer will remain clean, speedy and able to run without errors or problems. DOWNLOAD NOW Disclaimer The text above is not a recommendation to remove DEXIS Software Suite by DEXIS from your computer, we are not saying that DEXIS Software Suite by DEXIS is not a good application for your computer. DEXIS – DEXIS 9 and DEXIS Imaging Suite are now compatible with Windows 10 along with DEXIS Platinum Sensors, DEXcam 3, DEXcam 4 and CariVu. For more information, please visit or contact DEXIS customer care at 888.883.3947.
DEXIS is a dental x-ray imaging software that manages patient records. DEXIS Imaging Suite 10 contains several hard-coded credentials allowing administrative or root access to the patient database.
Description
CWE-798: Use of Hard-coded Credentials - CVE-2016-6532
DEXIS Imaging Suite 10 contains several hard-coded database credentials allowing administrative or root access to the patient database. Other versions of DEXIS may also be affected.
Impact
A remote, unauthenticated attacker may be able to gain administrative access to the DEXIS patient database.
Solution
Update the database credentials DEXIS has provided the instructions below for updating the database password. Changing the database credentials will mitigate the issue. Affected users may also contact DEXIS Customer Support for more information or support. Changing the DEXIS database password This procedure targets installations of DEXIS Imaging Suite (version 10). It will not work for older versions (9 and earlier) or DEXIS 11 and newer. The DEXIS Imaging Suite database installation uses a well-known database instance name and password, allowing others to access your database, which contains sensitive patient information. Ideally, these should be changed to increase the security of your database. During installation During installation of the server, it is recommended that the instance name be changed from the default, “DEXIS_DATA”. Windows 2012 r2 version number. Using the default name allows anyone to search for your database with a well-known name. Note that you cannot change the instance name once the database in installed. You are unable to specify a different password during the installation process. After installation After DEXIS is installed, you can change your database password using the following procedure. Note that this procedure will work if you installed a new instance of the database using the supplied installation media. On the installation media, browse to the following directory: “D:CommonSoftwaressmse2005x86”, where D: is the drive letter on which the installation media is mounted. Run SQLServer2005_SSMSEE.mis to install SQL Server Management Studio Express on your server. Use the default options in the installation dialogs. Start the SQL Server Management Studio (Start → All Programs → Microsoft SQL Server 2005 → SQL Server Management Studio Express). On the “Connect to Server” dialog, change the Authentication setting to “SQL Server Authentication”. The Login name is “sa”, and the password is in the user manual. It is recommended that you do not use the default (well-known) password, and to use a strong password for your database. There are web-sites which will generate a strong password for you (such as: https://identitysafe.norton.com/password-generator) or will indicate how strong your password is (such as http://www.passwordmeter.com/). On the left side panel, select “Security” → “Logins”. Double-click the “sa” user, and enter a new password on the General page. You will need to enter the same password twice to confirm. Updating DEXIS to use the new password Run DEXIS Imaging Suite (double-click the icon on the desktop). DEXIS will display an error (The following configuration errors were detected). Click “OK”. Click on the setting button ( ). Select the Data panel in preferences. Check the “Edit Advanced settings” option. Click “OK” on the displayed warning dialog. Enter your new password in the dialog. Press the “Verify” button to test the settings. When successful, select “OK” and restart DEXIS. You are now using the new password. Apply an update According to the vendor, DEXIS Eleven does not use hard-coded credentials for accessing the database. Affected customers are encouraged to update to DEXIS Eleven as soon as possible. You may also consider the following workaround:
Restrict network access Use a firewall or similar technology to restrict access to trusted hosts, networks, and services.
Vendor Information
Affected Unknown Unaffected
Javascript is disabled. Click here to view vendors.
Dexis
Updated: August 22, 2016
Statement Date: August 18, 2016
Status
Affected
Vendor Statement
Windows 10 Download
No statement is currently available from the vendor regarding this vulnerability.
If you want to use Terminal on Windows, As we all Know, Terminal does not pre-install in Windows 10, 8 and 7. But We can Install Terminal on WIndows. If you want to use Terminal on your Windows 10,8 and 7. So Here you can read full easy guide. Terminal emulators are used to access the command-line interface. A good terminal emulator for Windows will be customizable both in its utility and aesthetics, offer lots of functionality and integrate well with Windows. Open terminal in windows 10.
Dexis 9 Windows 10 Version Dupe Glitch
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
CVSS Metrics
Group
Score
Vector
Base
10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Temporal
8.6
E:F/RL:TF/RC:C
Environmental
6.4
CDP:ND/TD:M/CR:ND/IR:ND/AR:ND
Dexis 10 System Requirements
References
Acknowledgements
Dexis 9 Download
Thanks to Justin Shafer for reporting this vulnerability.