McKesson Horizon Clinical Infrastructure, also known as McKesson HCI, utilizes hardcoded passwords for Oracle database access. HCI serves as the patient record datastore for the majority of McKesson applications. There are two components to an HCI implementation: the Infrastructure (or Master) server and the database back-end. The HCI Infrastructure Server has an Oracle client installed that initializes OCI/sqlplus connections to the Oracle database back-end. A file on each HCI Infrastructure server contains the database account usernames and their respective passwords, /usr/local/bin/password. Content from /usr/local/bin/password is shown: # cat /usr/local/bin/password AMBU:hacschema QUEUE_USER:qmanager SYS:alLp0ver2 SYSTEM:urA7mvP CHANGEMGR:datacontrol CCDEV:ccdev CCDBA:ccnulls *HAS ORACLE SYSDBA PRIVS* CCDATA:ccdata CCFORMS:ccforms CCINTERFACE:ccinterface MCKHEO:mckheo CCREL:ccrel CCQUERY:ccquery CDXWEB:winplu5 DRUG1:fdb3schema DRUG2:fdb3schema enc_ent:encent ENT:entpazz ENT_CONFIG:ent_configpazz ADF:adfpazz INF:infpazz INF_CONFIG:inf_configpazz SDM:sdmpazz STRMADM:pazzw0rd ENT_AUD:pazzw0rd ENT_ARCH:pazzw0rd POC_ARCH:pazzw0rd POC_AQ:qmanager INF_AQ:qmanager DATAMGR:datamgr CCUSER:bueno ALERTS:monitorhca HCALERTS:alertsuser AM:ampazz AM_AUD:pazzw0rd AUD:audpazz TMF:tmfpazz MN:mnpazz EH:ehpazz NG:ngpazz DM:dmpazz DMTOOL:dmtoolpazz STG_DMT:stg_dmtpazz WRL:wrlpazz NOTES:notespazz REPORTS:reportspazz ICONS:iconspazz BS:bspazz QZ:qzpazz RM:rmpazz RM_AUD:pazzw0rd COMMGR:commgrpazz OPSERVICE:opservicepazz SEC_CONFIG:sec_configpazz CTXSYS:ctxsyspazz OLOGY:ologypazz OLOGY_CONFIG:ology_configpazz DOC:docpazz DOC_CONFIG:doc_configpazz PORTAL:portal PORTAL_INSTALL:portal_install EBIDBADMIN:ebidbadmin DESIGN_OWNER:owb OWB_RUNTIME_REPOSITORY:owb RUNTIME_A_USER:owb Despite having a "central" password file that contains the credential information, much of the credentials are hardcoded throughout binaries and scripts that are shipped as part of the HCI Infrastructure server. # cd /u/live # find . -type f -print | xargs grep ccnull | wc -l 85 Here is some context of how the credentials are used throughout the HCI code: # find . -type f -print | xargs grep ccnull ./RUN_dmArchive:remote_db=`sqlplus -s ccdba/ccnulls$DB_SPEC_IF_REMOTE << EOF ./all_ord:LOGIN=ccdba/ccnulls ./bin/BatchDischarge:ora_user="ccdba/ccnulls$DB_SPEC_IF_REMOTE" ./bin/CheckDischargeRpts:ora_user="ccdba/ccnulls$DB_SPEC_IF_REMOTE" ./bin/Make_iv_template:sqlldr ccdba/ccnulls iv_bottle >> $LOG ./bin/Make_iv_template:ORD_SEQ=`sqlplus -S ccdba/ccnulls$DB_SPEC_IF_REMOTE <<- ENDSQL McKesson supports HCI on the AIX, HP-UX, and Linux passwords. The nature of hardcoded passwords implies that for every customer that has purchased HCI, the credentials for all of these role accounts are the same across the installations. According to the following press release, http://www.oracle.com/corporate/press/2008_mar/em-mckesson.html, McKesson software is installed in 70% of hospitals within the US. HCI serves as the core infrastructure component of other McKesson applications such as Horizon Lab, Horizon Patient Folder, Horizon CareLink, Horizon Expert Documentation, etc.