The DICOM listener in OsiriX before 5.8 and before 2.5-MD, when starting up, encrypts the TLS private key file using "SuperSecretPassword" as the hardcoded password, which allows local users to obtain the private key. According to several reference links, OsiriX MD versions before 2.8 are vulnerable.
http://www.securityfocus.com/bid/63566/discuss
http://archives.neohapsis.com/archives/bugtraq/2013-11/0029.html
Publication date: Mon, 18 Nov 2013 08:55:00 +0000