CVE-2011-5322 in Healthcare Centricity Analytics Server

Summary

by MITRE

GE Healthcare Centricity Analytics Server 1.1 has a default password of (1) V0yag3r for the SQL Server sa user, (2) G3car3s for the analyst user, (3) G3car3s for the ccg user, (4) V0yag3r for the viewer user, and (5) geservice for the geservice user in the Webmin interface, which has unspecified impact and attack vectors.

Analysis

by VulDB Data Team • 09/04/2017

The vulnerability identified as CVE-2011-5322 represents a critical authentication flaw in GE Healthcare Centricity Analytics Server version 1.1, a medical imaging analytics platform widely deployed in healthcare environments. This vulnerability stems from the implementation of weak default credentials across multiple user accounts within the system's Webmin interface, creating a significant security risk that directly violates fundamental security principles outlined in the OWASP Top Ten and NIST cybersecurity frameworks. The presence of predictable and easily guessable passwords for administrative accounts exposes the entire analytics platform to unauthorized access and potential exploitation by threat actors.

The technical flaw manifests through hardcoded default credentials that persist across multiple user roles within the system architecture: the SQL Server sa account and the viewer account use the password V0yag3r, the analyst and ccg accounts use the password G3car3s, and the geservice user uses the password geservice. This systematic approach to credential management demonstrates a severe lack of security hardening practices and violates the principle of least privilege as defined in the CWE-798 weakness category. The vulnerability affects the Webmin interface, which serves as a web-based system administration tool, thereby expanding the attack surface beyond traditional database access points and creating multiple entry vectors for potential exploitation.

The operational impact of this vulnerability extends far beyond simple unauthorized access, as it provides attackers with elevated privileges that could compromise the integrity and confidentiality of medical imaging data and analytics within healthcare facilities. The presence of default credentials for the SQL Server sa account is particularly dangerous, as it grants full administrative control over the database system, potentially enabling data exfiltration, manipulation of patient records, or complete system compromise. Healthcare organizations utilizing this platform face significant regulatory compliance risks under HIPAA and other healthcare data protection regulations, as the vulnerability creates an attack vector that could lead to data breaches and unauthorized access to sensitive patient information.

The attack vectors available to threat actors exploiting this vulnerability are diverse and include both automated scanning techniques and targeted social engineering approaches. Attackers can leverage automated tools to identify systems with default credentials, while the predictable nature of these passwords reduces the time and effort required for successful exploitation. This vulnerability aligns with ATT&CK technique T1078.004, which covers legitimate credentials obtained through default accounts, and represents a classic example of poor security configuration management that violates NIST SP 800-123 guidelines for system hardening. Organizations should implement immediate mitigations including credential rotation, disabling unused accounts, implementing multi-factor authentication, and conducting comprehensive security assessments to identify and remediate similar default credential vulnerabilities across their IT infrastructure.

The broader implications of this vulnerability extend to the healthcare industry's overall security posture, as it demonstrates the persistent challenge of default credential management in industrial control systems and medical device environments. This flaw highlights the critical importance of implementing robust credential management policies and security hardening procedures, particularly in healthcare environments where patient safety and data protection are paramount. Organizations must prioritize regular security audits and vulnerability assessments to identify and remediate such configuration flaws before they can be exploited by malicious actors, ensuring compliance with healthcare regulatory requirements and maintaining the trust of patients and stakeholders in their digital health systems.

Reservation: 07/05/2015

Disclosure: 08/04/2015

Moderation: accepted

Entry: VDB-76911

CPE: ready

EPSS: 0.00419

KEV: no

Activities: very low