December 3, 2020 – Advisory: Clinical Viewer Password Auto Completes when Saved

InterSystems has corrected a defect affecting the browser saving Clinical Viewer user’s passwords

This problem exists for:

  • HealthShare Clinical Viewer 2020.1.x

This defect occurs when a new name and password are entered in a form and the form is submitted, the browser asks if the password should be saved. Thereafter when the form is displayed, the name and password are filled in automatically or are completed as the name is entered. An attacker with local access could obtain the cleartext password from the browser cache.

The correction for this defect is identified as HSCV-6135 and will be included in all future product releases. It is also available via Adhoc change file (patch) or full kit distribution from the Worldwide Response Center (WRC).

If you have any questions regarding this advisory, please contact the WRC.