C-DAC e-Sushrut OTP Exposure Vulnerability Allowing Unauthorized Access

Vulnerability

A vulnerability in the C-DAC e-Sushrut Hospital Management Information System (HMIS) exposes one-time passwords (OTPs) in plaintext within API responses, where they can be intercepted. A remote attacker could exploit this exposure to impersonate users and gain unauthorized access to their accounts. The vulnerability arises from inadequate protection of sensitive data in API communications.
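The flaw class described above, shown as an added example that is not e-Sushrut or C-DAC code: an OTP endpoint that echoes the code in its response, the corrected form that releases it only through the out-of-band channel, and a regression check for the leak. The function names, the JSON fields, the in-memory store and the send_sms callback are all assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets

# Hypothetical in-memory store: user id -> (salt, OTP digest).
_pending = {}

def _digest(salt: bytes, otp: str) -> bytes:
    return hmac.new(salt, otp.encode(), hashlib.sha256).digest()

def _issue(user: str) -> str:
    """Generate a 6-digit OTP and keep only a salted digest server-side."""
    otp = f"{secrets.randbelow(10**6):06d}"
    salt = secrets.token_bytes(16)
    _pending[user] = (salt, _digest(salt, otp))
    return otp

def request_otp_vulnerable(user: str, send_sms) -> str:
    """Flawed pattern: the OTP is echoed back in the API response body."""
    otp = _issue(user)
    send_sms(user, otp)
    return json.dumps({"status": "sent", "otp": otp})

def request_otp_hardened(user: str, send_sms) -> str:
    """Corrected pattern: the response only acknowledges that an OTP was sent."""
    otp = _issue(user)
    send_sms(user, otp)
    return json.dumps({"status": "sent"})

def verify_otp(user: str, candidate: str) -> bool:
    """Constant-time comparison; the entry is consumed on the first attempt."""
    entry = _pending.pop(user, None)
    if entry is None:
        return False
    salt, expected = entry
    return hmac.compare_digest(expected, _digest(salt, candidate))

def response_leaks_otp(body: str, otp: str) -> bool:
    """Regression check: does the out-of-band OTP appear in the API response?"""
    return otp in body
```

In a test suite, response_leaks_otp would be run against every response of the OTP request flow, using the code captured from a stubbed delivery channel.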

Impact

Successful exploitation enables account takeover: an attacker can impersonate users and access their accounts on the system.

Remediation

Users are advised to contact C-DAC for instructions on upgrading to the latest version of the e-Sushrut HMIS.

Added: Apr 29, 2026, 9:22 AM
Updated: Apr 29, 2026, 9:22 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 6.0
remediation: 0.0
relevance: 7.0
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.