Activity

From 08/04/2024 to 17/04/2024

17/04/2024

10:47 PM Bug #90 (In Progress): [Security Audit ] 25- Logout Functionality Not Implemented
Karthik Daram
04:08 PM Bug #90 (Closed): [Security Audit ] 25- Logout Functionality Not Implemented
25 -Logout Functionality Not Implemented
CWE : CWE-1028
Description :
Logout functionality has not been implement...
Kalyan Battula
10:46 PM Bug #83 (In Progress): [Security Audit ]18- Application Logic Bypass
Karthik Daram
10:43 PM Bug #83 (Resolved): [Security Audit ]18- Application Logic Bypass
Karthik Daram
10:32 PM Bug #83 (In Progress): [Security Audit ]18- Application Logic Bypass
Karthik Daram
04:00 PM Bug #83 (Closed): [Security Audit ]18- Application Logic Bypass
18- Application Logic Bypass
CWE : CWE-840
Description :
The application does not perform or incorrectly performs...
Kalyan Battula
10:06 PM Bug #96 (In Progress): [Security Audit ] 31 -Username and Password field with auto-complete
Karthik Daram
04:17 PM Bug #96 (Closed): [Security Audit ] 31 -Username and Password field with auto-complete
31- Username and Password field with auto-complete
CWE : CWE-16
Description :
The Web form contains passwords or ...
Kalyan Battula
04:14 PM Bug #95 (Closed): [Security Audit ] 30- Port misconfiguration
30 -Port misconfiguration
CWE : CWE-16
Description :
During the security audit it was observed that the applicati...
Kalyan Battula
04:13 PM Bug #94 (Closed): [Security Audit ] 29 -Clickjacking Attack
29- Clickjacking Attack
CWE : CWE-1021
Description :
Clickjacking is a malicious technique of tricking a Web user...
Kalyan Battula
04:11 PM Bug #93 (Closed): [Security Audit ] 28- Technology/Version Disclosure
28- Technology/Version Disclosure
CWE : CWE-200
Description :
The HTTP responses returned by this web application...
Kalyan Battula
04:10 PM Bug #92 (Closed): [Security Audit ] 27 -Sensitive Data Passed Through URL Parameters
27- Sensitive Data Passed Through URL Parameters
CWE : CWE-598
Description :
The web application uses the HTTP GE...
Kalyan Battula
04:09 PM Bug #91 (Closed): [Security Audit ] 26 -Cross-Site Request Forgery (CSRF)
26- Cross-Site Request Forgery (CSRF)
CWE : CWE-352
Description :
Cross-Site Request Forgery (CSRF) is an attac...
Kalyan Battula
04:07 PM Bug #89 (Closed): [Security Audit ] 24- Improper Error Handling
24- Improper Error Handling
CWE : CWE-388
Description :
Application discloses various error messages including st...
Kalyan Battula
04:06 PM Bug #88 (Closed): [Security Audit ] 23- Email addresses disclosed
23 -Email addresses disclosed
CWE : CWE-200
Description :
Email addresses of developers and other individuals (wh...
Kalyan Battula
04:05 PM Bug #87 (Closed): [Security Audit ] 22 -Security headers are not Implemented
22- Security headers are not Implemented
CWE : CWE-16
Description :
Modern browsers support many HTTP headers tha...
Kalyan Battula
04:03 PM Bug #86 (Closed): [Security Audit ] 21 -Insufficient Anti-Automation
21- Insufficient Anti-Automation
CWE : CWE-799
Description :
Insufficient Anti-automation is when a web site perm...
Kalyan Battula
04:02 PM Bug #85 (Closed): [Security Audit ] 20- Cross Origin Resource Sharing (CORS) Misconfiguration
20- Cross Origin Resource Sharing (CORS) Misconfiguration
CWE : CWE-642
Description :
The application implements ...
Kalyan Battula
04:01 PM Bug #84 (Closed): [Security Audit ]19- Client side bypass / Improper server side validation
19- Client side bypass / Improper server side validation
CWE : CWE-602
Description :
The software is composed of ...
Kalyan Battula
05:01 AM Bug #84 (In Progress): [Security Audit ]19- Client side bypass / Improper server side validation
Harish Beechani
03:59 PM Bug #82 (Closed): [Security Audit ]17 - OTP Bruteforce
17 - OTP Bruteforce
CWE : CWE-799
Description :
Application allows users to submit multiple wrong OTPs which lead...
Kalyan Battula
04:21 AM Bug #82 (In Progress): [Security Audit ]17 - OTP Bruteforce
Harish Beechani
03:58 PM Bug #81 (Closed): [Security Audit ] 16- Weak Password Policy
16- Weak Password Policy
CWE : CWE-521
Description :
A weak password policy leaves sensitive data vulnerable to ...
Kalyan Battula
05:38 AM Bug #81 (In Progress): [Security Audit ] 16- Weak Password Policy
Kranti Boddu
03:56 PM Bug #80 (Closed): [Security Audit ] 15- Insufficient Aadhaar Verification
15 -Insufficient Aadhaar Verification
CWE : CWE-20
Description :
Application is not verifying the Aadhaar number ...
Kalyan Battula
03:55 PM Bug #79 (Closed): [Security Audit ] 14 -Improper Session Management / Session Expiration too longer
14- Improper Session Management / Session Expiration too longer
CWE : CWE-613
Description :
In this application a...
Kalyan Battula
03:53 PM Bug #78 (Closed): [Security Audit ] 13 -Aadhaar is Not Encrypted in Transit
13 -Aadhaar is Not Encrypted in Transit
CWE : CWE-311
Description :
The software transmits sensitive or security...
Kalyan Battula
04:24 AM Bug #78 (In Progress): [Security Audit ] 13 -Aadhaar is Not Encrypted in Transit
Harish Beechani
03:51 PM Bug #77 (Closed): [Security Audit ] 12- OTP Bypass
12 -OTP Bypass
CWE : CWE-287
Description :
In this application OTP is disclosed in response.
Affected Path(s) : ...
Kalyan Battula
03:49 PM Bug #76 (Closed): [Security Audit ] 11- OTP Flooding
11- OTP Flooding
CWE : CWE-770
Description :
This attack consists of generation of large number of OTP requests t...
Kalyan Battula
03:46 PM Bug #75 (Closed): [Security Audit ]10 -Sensitive Information Disclosure
10- Sensitive Information Disclosure
CWE : CWE-200
Description :
Information disclosure, also known as informat...
Kalyan Battula
03:44 PM Bug #74 (Closed): [Security Audit ] 9- Improper Input Validation
9- Improper Input Validation
CWE : CWE-20
Description :
The product receives input or data, but it does not valid...
Kalyan Battula
03:43 PM Bug #73 (Closed): [Security Audit ] 8- Insecure Direct Object Reference (IDOR)
8- Insecure Direct Object Reference (IDOR)
CWE : CWE-639
Description :
An indirect object reference is likely t...
Kalyan Battula
03:41 PM Bug #72 (Closed): [Security Audit ] 7- Framework Obsolete Version in usage
7 Framework Obsolete Version in usage
CWE : CWE-1035
Description :
It is observed that Java Spring Boot older ve...
Kalyan Battula
03:39 PM Bug #71 (Closed): [Security Audit ] 6- Unrestricted File Upload
6- Unrestricted File Upload
CWE : CWE-434
Description :
The application fails to restrict the file types that the...
Kalyan Battula
03:37 PM Bug #70 (Closed): [Security Audit ] 5 -Failed Defences Against Application Misuse
5 -Failed Defences Against Application Misuse
CWE : CWE-841
Description :
The misuse and invalid use of valid fu...
Kalyan Battula
03:36 PM Bug #69 (Closed): [Security Audit ] 4- User Account Takeover
4- User Account Takeover
CWE : CWE-285
Description :
The software does not perform or incorrectly performs an aut...
Kalyan Battula
03:33 PM Bug #68 (Closed): [Security Audit ] 3-Broken Access Control
Broken Access Control
CWE : CWE-425
Description :
The application allows an unauthenticated user to access the pa...
Kalyan Battula
03:29 PM Bug #67 (In Progress): [Security Audit ] 2-Insecure Data Storage
Insecure Data Storage
CWE : CWE-312
Description :
Insecure data storage vulnerabilities occur when development te...
Kalyan Battula
03:24 PM Bug #66 (Closed): [Security Audit ] 1- Privilege Escalation
Privilege Escalation
CWE : CWE-269
Description :
Access control (or authorization) is the application of constr...
Kalyan Battula
03:04 PM Feature #65 (New): Security Audit

List of Security Audit issues
Kalyan Battula