All affected e-Sushrut versions, specific versions not disclosed
Summary
This vulnerability exists because e-Sushrut exposes OTPs in plaintext within API responses. A remote attacker can intercept unencrypted or improperly encrypted API responses to steal valid OTPs for target user accounts. Successful exploitation allows attackers to impersonate legitimate users and gain unauthorized account access.
Remediation
Encrypt OTP data in all API responses and eliminate plaintext transmission of sensitive authentication credentials. Apply the latest available security patch from e-Sushrut developers. Enforce modern TLS encryption for all API traffic to reduce interception risk.
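The flaw class from the summary and one way to close it, as an added example that is not e-Sushrut code: every function name, the in-memory store and the `outbox` gateway stand-in are hypothetical. It assumes the OTP can be kept out of the API response altogether (delivered only out of band), which goes a step beyond encrypting it in the response, and it includes a check that can run as a regression test.

```python
import hashlib, hmac, json, secrets

_PENDING = {}  # request_id -> (salt, otp_digest); hypothetical in-memory store


def _digest(salt: bytes, otp: str) -> bytes:
    return hmac.new(salt, otp.encode(), hashlib.sha256).digest()


def send_out_of_band(user: str, otp: str, outbox: list) -> None:
    # Stand-in for an SMS/e-mail gateway (assumption); the OTP leaves only here.
    outbox.append((user, otp))


def request_otp_vulnerable(user: str, outbox: list) -> str:
    # The flaw class described in the summary: the OTP is echoed to the caller.
    otp = f"{secrets.randbelow(10**6):06d}"
    send_out_of_band(user, otp, outbox)
    return json.dumps({"status": "sent", "user": user, "otp": otp})


def request_otp_hardened(user: str, outbox: list) -> str:
    # Only a random request id is returned; the server keeps a keyed digest.
    otp = f"{secrets.randbelow(10**6):06d}"
    request_id, salt = secrets.token_urlsafe(16), secrets.token_bytes(16)
    _PENDING[request_id] = (salt, _digest(salt, otp))
    send_out_of_band(user, otp, outbox)
    return json.dumps({"status": "sent", "request_id": request_id})


def verify_otp(request_id: str, submitted: str) -> bool:
    # Single use: the entry is removed on the first attempt, right or wrong.
    entry = _PENDING.pop(request_id, None)
    if entry is None:
        return False
    salt, expected = entry
    return hmac.compare_digest(expected, _digest(salt, submitted))


def response_leaks_otp(body: str, otp: str) -> bool:
    # Regression check: walk the JSON body and flag any value containing the OTP.
    def walk(node) -> bool:
        if isinstance(node, dict):
            return any(walk(v) for v in node.values())
        if isinstance(node, list):
            return any(walk(v) for v in node)
        return otp in str(node)
    return walk(json.loads(body))
```

Expiry and per-account rate limiting are left out to keep the example short; a production endpoint needs both.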