C-DAC e-Sushrut Sensitive Data Exposure and Cryptographic Failure Vulnerability
Vulnerability
A vulnerability has been identified in the C-DAC e-Sushrut Hospital Management Information System (HMIS) that allows unauthorized disclosure of sensitive information and cryptographic keys. The application ships hardcoded AES encryption keys in client-side JavaScript, where an unauthenticated remote attacker can access and extract them. Successful exploitation could expose sensitive data and compromise the cryptographic protections of the affected system.
Impact
Exploitation of this vulnerability could result in the unauthorized disclosure of sensitive data and cryptographic keys, undermining the security of encrypted information on the system.
Remediation
Users are advised to contact C-DAC to upgrade e-Sushrut HMIS to the latest version.
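To check that no AES key material ships to the browser, operators can audit the JavaScript their own deployment serves. The Node.js script below is an added example, not code from C-DAC or from this advisory. It assumes CryptoJS-style calls or key-named variables, since the advisory does not name the library in use, and the sample bundle and its values are constructed.

```javascript
// Added example: flag string literals that reach an AES key sink in served JS.
// Sink patterns are assumptions; the advisory does not show the affected code.
const SINKS = [
  { name: 'CryptoJS.enc.*.parse', re: /CryptoJS\.enc\.(?:Utf8|Hex|Base64)\.parse\(\s*(["'])(.*?)\1/g },
  { name: 'CryptoJS.AES passphrase', re: /CryptoJS\.AES\.(?:en|de)crypt\([^,]+,\s*(["'])(.*?)\1/g },
  { name: 'key-named variable', re: /\b\w*(?:key|secret)\w*\s*[:=]\s*(["'])(.*?)\1/gi },
];

// Size in bytes if the literal could be an AES-128/192/256 key, else 0.
function aesKeySize(literal) {
  const sizes = [16, 24, 32];
  if (/^[0-9a-f]+$/i.test(literal) && sizes.includes(literal.length / 2)) {
    return literal.length / 2;                          // hex encoded
  }
  if (/^[A-Za-z0-9+/]+={0,2}$/.test(literal) && literal.length % 4 === 0) {
    const n = Buffer.from(literal, 'base64').length;    // base64 encoded
    if (sizes.includes(n)) return n;
  }
  const raw = Buffer.byteLength(literal, 'utf8');       // used as raw bytes
  return sizes.includes(raw) ? raw : 0;
}

// One finding per literal that reaches a sink. The literal itself is never
// echoed, only its line, the sink and the key size (0 = passphrase literal).
function auditSource(source) {
  const findings = [];
  source.split('\n').forEach((line, i) => {
    for (const { name, re } of SINKS) {
      for (const m of line.matchAll(re)) {
        const bytes = aesKeySize(m[2]);
        // Key-named variables are reported only when the value is key-sized.
        if (bytes || name !== 'key-named variable') {
          findings.push({ line: i + 1, sink: name, keyBytes: bytes });
        }
      }
    }
  });
  return findings;
}

// Constructed sample bundle (not e-Sushrut code; path and keys are made up).
const SAMPLE = [
  'var aesKey = CryptoJS.enc.Utf8.parse("0123456789abcdef");',
  'var apiBase = "/hmis/api";',
  'var token = CryptoJS.AES.encrypt(form.pwd, "demo-pass").toString();',
  'var cfg = { secretKey: "00112233445566778899aabbccddeeff" };',
].join('\n');

console.log(auditSource(SAMPLE));
```

Any finding means the key is readable by every visitor, so the fix is to move encryption and key handling to the server rather than to obfuscate the literal.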
