Bug #83

closed

Feature #65: Security Audit

[Security Audit] 18 - Application Logic Bypass

Added by Kalyan Battula about 1 year ago. Updated 7 months ago.

Status: Closed
Priority: Normal
Assignee: Karthik Daram
Category: -
Target version:
Start date: 17/04/2024
Due date:
% Done: 0%
Estimated time:
Deployed In:
Category:

Description

18 - Application Logic Bypass
CWE: CWE-840
Description:
The application does not perform, or incorrectly performs, an authorization check when a user attempts to perform an action.
Affected Path(s):
https://earogya.satragroup.in/patient/39/patient-Registration (applicable to the entire application)
Impact:
An attacker could read sensitive data, either by reading it directly from a data store that is not properly restricted, or by accessing insufficiently protected privileged functionality to read the data.
Recommendation:
Make sure that the access control mechanism is enforced correctly on the server side on every page.
Evidence/Proof Of Concept:
Step 1: Patient registration was submitted successfully with an invalid DOB, as shown in the screenshot below.
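The recommendation above is that authorization and input checks run on the server for every request, so that a form submitted with values the browser-side form would never produce (such as the wrong DOB in the evidence) is still rejected. The following is an added example of such a server-side handler; it is not code from the audited application. The role table, the field names `dob` and `name`, the `YYYY-MM-DD` date format and the 130-year age bound are all assumptions made for the illustration.

```python
"""Server-side enforcement for a patient-registration submit handler.

Added example, not code from the audited application. The role model and
field names are assumptions; only the finding's advice, that authorization
and input validation happen on the server for every request, comes from
the report.
"""
from dataclasses import dataclass, field
from datetime import date, datetime

MAX_AGE_YEARS = 130  # assumed plausibility bound for a patient's age

# Constructed sample of which users may act on which patient records (assumption).
ALLOWED_PATIENTS = {
    "staff_alice": {39, 40},
    "patient_bob": {41},
}


@dataclass
class Result:
    status: int                              # HTTP-style status the handler returns
    errors: list = field(default_factory=list)


def parse_dob(raw: str):
    """Return a date for 'YYYY-MM-DD' input, or None if it is not a real date."""
    try:
        return datetime.strptime(raw, "%Y-%m-%d").date()
    except ValueError:
        return None


def validate_dob(raw: str, today: date) -> list:
    """Reject a DOB that is unparsable, in the future, or implausibly old.

    These are exactly the checks a client-side form usually enforces; repeating
    them here is what stops a hand-crafted request from bypassing them.
    """
    dob = parse_dob(raw)
    if dob is None:
        return ["dob: must be a real date in YYYY-MM-DD form"]
    if dob > today:
        return ["dob: must not be in the future"]
    if dob.year < today.year - MAX_AGE_YEARS:
        return [f"dob: implies an age over {MAX_AGE_YEARS} years"]
    return []


def handle_registration(user: str, patient_id: int, form: dict, today: date) -> Result:
    """Authorize first, then validate; nothing in the form is trusted.

    `user` is the identity taken from the server-side session, never from the
    request body. `patient_id` comes from the URL path (the /patient/<id>/ part).
    """
    if patient_id not in ALLOWED_PATIENTS.get(user, set()):
        return Result(403, ["not permitted to register this patient"])
    errors = validate_dob(str(form.get("dob", "")), today)
    if not str(form.get("name", "")).strip():
        errors.append("name: required")
    if errors:
        return Result(400, errors)
    return Result(201)  # the record would be persisted at this point
```

The order matters: the authorization check runs before any field is looked at, so an unauthorized caller learns nothing about which values the validator would accept, and the same checks apply to every submit regardless of how the request was produced.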


Files

clipboard-202404171600-ahorc.png (147 KB), Kalyan Battula, 17/04/2024 04:00 PM