Bug #80: [Security Audit ] 15- Insufficient Aadhaar Verification - E-Arogya - Redmine

Actions

Copy link

Bug #80

closed

Feature #65: Security Audit

[Security Audit ] 15- Insufficient Aadhaar Verification

Added by Kalyan Battula about 1 year ago. Updated 7 months ago.

Status:

Closed

Priority:

Normal

Assignee:

Deepika Valluri

Category:

Target version:

Security Audit

Start date:

17/04/2024

Due date:

% Done:

Estimated time:

Deployed In:

Category:

Description

15 -Insufficient Aadhaar Verification
CWE : CWE-20
Description :
Application is not verifying the aadhaar number from aadhaar portal, due to this an
attacker could misuse the genuine user’s aadhaar numbers to avail a service in TTD
online portal, which results in non availability of resource to genuine user
Affected Path(s) :
https://earogya.satragroup.in/patient/0/patient-Registration *-Applicable to entire
application
Impact :
Aadhaar validation misuse will impact availability of resource to be accessed by genuine
user.
Recommendation :
It is recommended to validate the aadhaar using any biometric or OTP based service.
Evidence/Proof Of Concept :
Step 1: Aadhaar number not verified properly as shown in below screenshots.

Step 2: Any random number can be given and submitted successfully as shown in below
screenshot.

Files

Download all files

clipboard-202404171556-bucan.png (65 KB) clipboard-202404171556-bucan.png		Kalyan Battula, 17/04/2024 03:56 PM
clipboard-202404171556-ealle.png (69.9 KB) clipboard-202404171556-ealle.png		Kalyan Battula, 17/04/2024 03:56 PM

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

E-Arogya

Custom queries

Bug #80

[Security Audit ] 15- Insufficient Aadhaar Verification

Updated by Vasudev Mamidi 12 months ago

Updated by Kranti Boddu 12 months ago

Updated by Deepika Valluri 12 months ago

Updated by Sivakanth Kesiraju 12 months ago

Updated by Sivakanth Kesiraju 12 months ago

Updated by Gautam Kumar 7 months ago