cvedb.io
CVE-2016-6531
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2016-09-24T10:59:03.650 · Last modified 2026-06-17T00:51:19.957

Summary

Open Dental 16.1 and earlier has a hardcoded MySQL root password, which allows remote attackers to obtain administrative access by leveraging access to intranet TCP port 3306. NOTE: the vendor disputes this issue, stating that the "vulnerability note ... is factually false ... there is indeed a default blank password, but it can be changed ... We recommend that users change it, each customer receives direction.

Affected products

opendental — opendental

Does this affect you?

Add your gear to cvedb and we'll alert you only when opendental ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.