All affected e-Sushrut versions, specific versions not disclosed
Summary
This vulnerability stems from improper authentication logic that relies on client-side response parameters to confirm authentication status. A remote attacker can exploit this by intercepting and modifying server responses to bypass authentication checks. Successful exploitation allows attackers to gain unauthorized access to any user account on the targeted system.
Remediation
Update authentication logic to validate all authentication status exclusively on the server side, instead of trusting client-controlled parameters. Install the latest official security update for e-Sushrut. Conduct code reviews to identify and remediate other client-side trust vulnerabilities.
TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.