X41 D-Sec GmbH Security Advisory: X41-2020-002

Multiple Vulnerabilities in Psyprax

Summary and Impact

Several passwords were not protected properly, which might help an attacker gain access or elevate privileges.

Product Description

Psyprax allows you to manage a medical office and patients.

Screensaver Password not protected


The file C:\ProgramData\Psyprax32\PPScreen.ini contains a hash for the lockscreen of the application. If that entry is removed, the lockscreen is no longer displayed and the app is no longer locked. All local users are able to modify that file.


Use proper Windows screen locking.

Firebird Database accessible with default password


The Firebird database is accessible with the default user ‘sysdba’ and password ‘masterke’ after installation. This allows any user to access it and read and modify the contents, including passwords. Local database files can be accessed directly as well.


Properly firewall the database and set a password.

Passwords not securely stored


Passwords used to encrypt the data are stored in the database in an obfuscated format, which can be easily reverted. For example the password ‘AAAAAAAA’ is stored in the database as ‘MMMMMMMM’.

These can be retrieved via the database:

SQL> select * from K_CFP_CONFIG_PARAM where K_CFP_PARAM = ‘CryptPassword’;


A proper password storage algorithm that includes a salt and is strong enough to prevent brute force attacks, such as argon2, scrypt or bcrypt, should be implemented.


About X41 D-SEC GmbH

X41 is an expert provider for application security services. Having extensive industry experience and expertise in the area of information security, a strong core security team of world class security experts enables X41 to perform premium security services.

Fields of expertise in the area of application security are security centered code reviews, binary reverse engineering and vulnerability discovery. Custom research and a IT security consulting and support services are core competencies of X41.