CVE-2013-4425 Information

Description

The DICOM listener in OsiriX before 5.8 and before 2.5-MD when starting up encrypts the TLS private key file using \SuperSecretPassword\ as the hardcoded password which allows local users to obtain the private key.

Reference

http://archives.neohapsis.com/archives/bugtraq/2013-11/0029.html http://osvdb.org/99518 http://www.securityfocus.com/bid/63566 https://exchange.xforce.ibmcloud.com/vulnerabilities/88606