Bug #80: [Security Audit ] 15- Insufficient Aadhaar Verification - E-Arogya - Redmine

Actions

Copy link

Bug #80

closed

Feature #65: Security Audit

[Security Audit ] 15- Insufficient Aadhaar Verification

Added by Kalyan Battula about 1 year ago. Updated 7 months ago.

Status:

Closed

Priority:

Normal

Assignee:

Deepika Valluri

Category:

Target version:

Security Audit

Start date:

17/04/2024

Due date:

% Done:

Estimated time:

Deployed In:

Category:

Description

15 -Insufficient Aadhaar Verification
CWE : CWE-20
Description :
Application is not verifying the aadhaar number from aadhaar portal, due to this an
attacker could misuse the genuine user’s aadhaar numbers to avail a service in TTD
online portal, which results in non availability of resource to genuine user
Affected Path(s) :
https://earogya.satragroup.in/patient/0/patient-Registration *-Applicable to entire
application
Impact :
Aadhaar validation misuse will impact availability of resource to be accessed by genuine
user.
Recommendation :
It is recommended to validate the aadhaar using any biometric or OTP based service.
Evidence/Proof Of Concept :
Step 1: Aadhaar number not verified properly as shown in below screenshots.

Step 2: Any random number can be given and submitted successfully as shown in below
screenshot.

Files

Download all files

clipboard-202404171556-bucan.png (65 KB) clipboard-202404171556-bucan.png		Kalyan Battula, 17/04/2024 03:56 PM
clipboard-202404171556-ealle.png (69.9 KB) clipboard-202404171556-ealle.png		Kalyan Battula, 17/04/2024 03:56 PM