Feature #261

open

Feature #235: [Security Audit Round 2 ]

[Security Audit Round 2] Application Logic Bypass (Repeated)

Added by Kalyan Battula 12 months ago. Updated 11 months ago.

Status: Ready for Prod
Priority: High
Category: -
Target version:
Start date: 01/05/2024
Due date:
% Done: 0%
Estimated time:
Deployed In:
Category:

Description

Application Logic Bypass (Repeated)
CWE: CWE-840
Description:
The application does not perform, or incorrectly performs, an authorization check when a user attempts to perform an action.
Affected Path(s):
https://earogya.satragroup.in/patient/39/patient-Registration (applicable to the entire application)
Impact:
An attacker could read sensitive data, either by reading it directly from a data store that is not properly restricted, or by accessing insufficiently protected, privileged functionality to read the data.
Evidence/Proof Of Concept:
Step 1: Patient user registration was submitted successfully with an incorrect date, as shown in the screenshot below.

Recommendation:
Make sure that the access control mechanism is enforced correctly on the server side on every page.
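The finding above is that a registration request which the browser should have rejected (an incorrect date) was accepted by the server, and the recommendation is to enforce the check on the server for every action. The following is an added illustration of that recommendation, not code from the eArogya application or from this ticket: a plain-Python request handler that first authorizes the session against the patient id taken from the URL path (39 in the affected path) and only then validates the submitted fields itself, so nothing depends on what the client-side form allowed. The handler name, the session shape, the payload field names and the sample sessions are assumptions constructed for the example.

```python
"""Server-side authorization and input validation for a patient-registration request.

Added example for the finding above; not code from the eArogya application.
Session shape, payload fields and handler names are assumptions.
"""
from dataclasses import dataclass, field
from datetime import date, datetime


@dataclass(frozen=True)
class Session:
    """Server-side view of the authenticated caller (assumed shape)."""
    user_id: int
    role: str                                   # "patient" or "staff"
    patient_ids: frozenset = field(default_factory=frozenset)  # patients this user may act on


class RegistrationError(ValueError):
    """Payload failed server-side validation (maps to HTTP 400)."""


class Forbidden(PermissionError):
    """Caller is not allowed to act on this patient (maps to HTTP 403)."""


def authorize_patient_action(session: Session, patient_id: int) -> None:
    """Enforce access control on the server regardless of what the page showed the user."""
    if session.role == "staff":
        return
    if session.role == "patient" and patient_id in session.patient_ids:
        return
    raise Forbidden(f"user {session.user_id} may not act on patient {patient_id}")


def parse_dob(raw, today: date) -> date:
    """Re-validate the date of birth on the server; never trust the browser-side check."""
    if not isinstance(raw, str):
        raise RegistrationError("date_of_birth must be a string in YYYY-MM-DD form")
    try:
        dob = datetime.strptime(raw, "%Y-%m-%d").date()
    except ValueError:
        raise RegistrationError("date_of_birth must be YYYY-MM-DD")
    if dob > today:
        raise RegistrationError("date_of_birth cannot be in the future")
    if today.year - dob.year > 150:
        raise RegistrationError("date_of_birth is implausibly old")
    return dob


def register_patient(session: Session, patient_id: int, payload: dict, today: date) -> dict:
    """Authorize first, then validate every field, then act."""
    authorize_patient_action(session, patient_id)
    name = (payload.get("name") or "").strip()
    if not name:
        raise RegistrationError("name is required")
    dob = parse_dob(payload.get("date_of_birth"), today)
    return {"patient_id": patient_id, "name": name, "date_of_birth": dob.isoformat()}


def handle_request(session: Session, patient_id: int, payload: dict, today=None):
    """Framework-agnostic wrapper: returns (status_code, body) like an HTTP handler would."""
    today = today or date.today()
    try:
        return 201, register_patient(session, patient_id, payload, today)
    except Forbidden as exc:
        return 403, {"error": str(exc)}
    except RegistrationError as exc:
        return 400, {"error": str(exc)}


# Constructed sample sessions for the demonstration.
PATIENT_39 = Session(user_id=1001, role="patient", patient_ids=frozenset({39}))
OTHER_PATIENT = Session(user_id=1002, role="patient", patient_ids=frozenset({40}))
STAFF = Session(user_id=7, role="staff")
GOOD_PAYLOAD = {"name": "Sample Patient", "date_of_birth": "1990-06-15"}

if __name__ == "__main__":
    today = date(2024, 5, 1)
    print(handle_request(PATIENT_39, 39, {"name": "X", "date_of_birth": "2030-01-01"}, today))
    print(handle_request(OTHER_PATIENT, 39, GOOD_PAYLOAD, today))
    print(handle_request(STAFF, 39, {"name": "X", "date_of_birth": "05/01/2024"}, today))
    print(handle_request(PATIENT_39, 39, GOOD_PAYLOAD, today))
```

The order matters: authorization runs before any field is looked at, so a caller who may not act on patient 39 gets a 403 even with a well-formed body, and a caller who may act on the patient still cannot push through a future or malformed date, which is the gap the evidence in this ticket shows.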


Files

clipboard-202405011259-n8a34.png (87.4 KB) Kalyan Battula, 01/05/2024 12:59 PM
