Bug #77: [Security Audit ] 12- OTP Bypass - E-Arogya - Redmine

Actions

Copy link

Bug #77

closed

Feature #65: Security Audit

[Security Audit ] 12- OTP Bypass

Added by Kalyan Battula about 1 year ago. Updated 12 months ago.

Status:

Closed

Priority:

Normal

Assignee:

Harish Beechani

Category:

Target version:

Security Audit

Start date:

17/04/2024

Due date:

% Done:

Estimated time:

Deployed In:

Category:

Description

12 -OTP Bypass
CWE : CWE-287
Description :
In this application OTP is disclosed in response.
Affected Path(s) :
https://earogya.satragroup.in/login *-Applicable to entire application
Impact :
Attacker can us e the OTP value to bypass the login without the actual user intervention
Recommendation :
It is recommended not to disclose the OTP in the response
Evidence/Proof Of Concept :
Step 1: Access the application and Go to forgot password page and enter random OTP as
shown in below screenshot.

Step 2: Successfully Navigate the password change page.

Step 3: Capture the above request and Observe the response.New Password has been
changed successfully even after entering the invalid OTP as shown in below screenshot.

Files

Download all files

clipboard-202404171550-mtklz.png (569 KB) clipboard-202404171550-mtklz.png		Kalyan Battula, 17/04/2024 03:50 PM
clipboard-202404171551-tbu68.png (553 KB) clipboard-202404171551-tbu68.png		Kalyan Battula, 17/04/2024 03:51 PM
clipboard-202404171551-lxzyq.png (54.8 KB) clipboard-202404171551-lxzyq.png		Kalyan Battula, 17/04/2024 03:51 PM

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

E-Arogya

Custom queries

Bug #77

[Security Audit ] 12- OTP Bypass

Updated by Harish Beechani about 1 year ago

Updated by Vasudev Mamidi 12 months ago

Updated by Sivakanth Kesiraju 12 months ago