Improper authorization - receptionist can read all secure messaging in openemr/openemr
Apr 23rd 2022
Hi there openemr maintainers, I would like to report an improper authorization vulnerability in your source code.
Proof of Concept
- Install OpenEMR on your system and create an admin account and a receptionist account
- Using the admin account, create a secure message by going to Portal > Portal Mail
- Log in as the receptionist and go to Portal > Portal Mail; you will see no secure messages. The request body for portal mail looks like
Replace this with
owner=admin and you can view all messages by
Allows a receptionist to read all messages.
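To make the root cause concrete for reviewers, here is an added, simplified model of a portal-mail fetch handler; it is example code written for this report, not OpenEMR's own code, and the user names, message rows and function names are constructed. The vulnerable variant reproduces the reported behaviour (the message owner is taken from the client-supplied `owner` field), while the fixed variant derives the owner from the server-side session and rejects a mismatched `owner` so the attempt can be logged.

```python
# Simplified model of a portal-mail message fetch, constructed for this
# example (not OpenEMR's code). Shows why trusting an "owner" field from
# the request body is an authorization bug, and one way to fix it.

from dataclasses import dataclass

# Constructed sample data: mailbox rows keyed by their owner.
MESSAGES = [
    {"id": 1, "owner": "admin", "subject": "Lab results for patient 42"},
    {"id": 2, "owner": "admin", "subject": "Referral follow-up"},
    {"id": 3, "owner": "reception1", "subject": "Appointment confirmation"},
]


@dataclass
class Session:
    """Server-side session state. `user` was set at login and is never
    taken from request parameters."""
    user: str


class AuthorizationError(Exception):
    pass


def fetch_mail_vulnerable(session: Session, body: dict) -> list:
    """Vulnerable pattern: the mailbox owner comes from the POST body, so a
    receptionist who sends owner=admin receives the admin's messages."""
    owner = body.get("owner", session.user)
    return [m for m in MESSAGES if m["owner"] == owner]


def fetch_mail_fixed(session: Session, body: dict) -> list:
    """Fixed pattern: the owner is always the authenticated session user.
    A client-supplied owner naming someone else is not honoured; it raises
    so the caller can log the attempt and return 403."""
    requested = body.get("owner")
    if requested is not None and requested != session.user:
        raise AuthorizationError(
            f"user {session.user!r} requested mailbox of {requested!r}"
        )
    return [m for m in MESSAGES if m["owner"] == session.user]


if __name__ == "__main__":
    receptionist = Session(user="reception1")
    # Reproduces the report: the receptionist reads the admin's mail.
    print(fetch_mail_vulnerable(receptionist, {"owner": "admin"}))
    # With the fix the same request is refused.
    try:
        fetch_mail_fixed(receptionist, {"owner": "admin"})
    except AuthorizationError as exc:
        print("denied:", exc)
    # And the receptionist only ever sees their own mailbox.
    print(fetch_mail_fixed(receptionist, {}))
```

The fix is the usual one for this class of bug: any identifier that selects whose data is returned must come from server-side session state or be checked against it, never accepted from the request body, and mismatches are worth logging because they are a reliable signal of parameter tampering.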