Description
Knowledge of the hard-coded credentials lets attackers evade authentication and obtain sensitive patient information. To identify and especially to fix the hole created by the hard-coded credentials, the system administrator should totally disable the product.
There are two main variations.
Inbound: the software's authentication mechanism controls and checks all input credentials, not allowing access to any hard-coded credentials.
Outbound: to connect to another system or component, the software uses hard-coded credentials contained in that component.
The use of hard-coded passwords helps attackers cause exposure of resource functionality, a breach of sensitive information, or even arbitrary code execution.
The weakness is introduced during the Architecture and Design stage.
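The inbound and outbound variations above, each shown in its hard-coded form beside a corrected form. This is an added example, not code from the original page; the user names, sample passwords and the APP_DB_USER / APP_DB_PASSWORD variable names are constructed for illustration.

```python
import hashlib
import hmac
import os

# --- Inbound, hard-coded form: the secret ships inside the code. ---
def inbound_login_hardcoded(user: str, password: str) -> bool:
    # Anyone who reads the source or the binary learns this credential,
    # and it is identical on every installation (constructed sample value).
    return user == "service" and password == "constructed-demo-password"

# --- Inbound, corrected form: only a salted hash, provisioned per install. ---
def make_record(password: str, iterations: int = 200_000) -> dict:
    """Run at provisioning time; the record is stored outside the code."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}

def inbound_login(store: dict, user: str, password: str) -> bool:
    record = store.get(user)
    if record is None:
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], record["iterations"])
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, record["digest"])

# --- Outbound, hard-coded form: the other component's credential in code. ---
def outbound_credentials_hardcoded() -> tuple:
    return ("app", "constructed-demo-db-password")  # constructed sample value

# --- Outbound, corrected form: read from the environment, fail closed. ---
def outbound_credentials(env=os.environ) -> tuple:
    # APP_DB_USER / APP_DB_PASSWORD are hypothetical variable names.
    user = env.get("APP_DB_USER")
    password = env.get("APP_DB_PASSWORD")
    if not user or not password:
        raise RuntimeError("outbound credentials not provisioned")
    return (user, password)
```

In the corrected forms the code carries no secret: the inbound record and the outbound variables are set per installation and can be rotated without shipping a new build.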
Latest vulnerabilities for CWE-798
References
Description of CWE-798 on the MITRE website