Bug #78: [Security Audit ] 13 -Aadhaar is Not Encrypted in Transit - E-Arogya - Redmine

Actions

Copy link

Bug #78

closed

Feature #65: Security Audit

[Security Audit ] 13 -Aadhaar is Not Encrypted in Transit

Added by Kalyan Battula about 1 year ago. Updated 7 months ago.

Status:

Closed

Priority:

Normal

Assignee:

Deepika Valluri

Category:

Target version:

Security Audit

Start date:

24/04/2024

Due date:

% Done:

100%

Estimated time:

(Total: 0:00 h)

Deployed In:

Category:

Description

13 -Aadhaar is Not Encrypted in Transit
CWE : CWE-311
Description :
The software transmits sensitive or security-critical data in cleartext in a communication
channel.
Affected Path(s) :
https://earogya.satragroup.in/patient/0/patient-Registration *-Applicable to entire
application
Impact :
Anyone can read the information by gaining access to the channel being used for
communication.
Recommendation :
Encrypt the data with a reliable encryption scheme before transmitting.
Evidence/Proof Of Concept :
Step 1: As seen below all the actions of the user including the aadhar are stored in plain text.

Files

clipboard-202404171553-ivxcc.png (54.6 KB) clipboard-202404171553-ivxcc.png

Kalyan Battula, 17/04/2024 03:52 PM

Subtasks 1 (0 open — 1 closed)

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

E-Arogya

Custom queries

Bug #78

[Security Audit ] 13 -Aadhaar is Not Encrypted in Transit

Updated by Harish Beechani about 1 year ago

Updated by Harish Beechani about 1 year ago

Updated by Deepika Valluri 12 months ago

Updated by Vasudev Mamidi 12 months ago

Updated by Karthik Daram 12 months ago

Updated by Sivakanth Kesiraju 12 months ago

Updated by Sivakanth Kesiraju 12 months ago

Updated by Gautam Kumar 7 months ago