Vulnerability: Hardcoded Encryption Key Exposure in Patterson Dental Eaglesoft 21

Vulnerability: Hardcoded Encryption Key Exposure in Patterson Dental Eaglesoft 21

CVE-2022-37710 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Patterson Dental Eaglesoft 21 has AES-256 encryption but there are two ways to obtain a keyfile: (1) keybackup.data > License > Encryption Key or (2) Eaglesoft.Server.Configuration.data > DbEncryptKeyPrimary > Encryption Key. Applicable files are encrypted with keys and salt that are hardcoded into a DLL or EXE file.

Learn more about our Cis Benchmark Audit For Server Software.