### [CVE-2021-25923](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25923)
![](https://img.shields.io/static/v1?label=Product&message=openemr&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=v5.0.0%2C%20v5.0.0.5%2C%20v5.0.0.6%2C%20v5.0.1%2C%20v5.0.1.1%2C%20v5.0.1.2%2C%20v5.0.1.3%2C%20v5.0.1.4%2C%20v5.0.1.5%2C%20v5.0.1.6%2C%20v5.0.1.7%2C%20v5.0.2%2C%20v5.0.2.1%2C%20v5.0.2.2%2C%20v5.0.2.3%2C%20v5.0.2.4%2C%20v6.0.0%2C%20v6.0.0.1%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Weak%20Password%20Requirements&color=brightgreen)

### Description

OpenEMR versions 5.0.0 to 6.0.0.1 are vulnerable to weak password requirements because the application does not enforce a maximum password length limit. A malicious user who knows the first 72 characters of the victim user’s password can leverage this for an account takeover.

### POC

#### Reference
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25923

#### Github
No PoCs found on GitHub currently.