08/11/2021
Hello,
I found a critical IDOR+Unauthorised Directory Access vulnerability on AHIMS Portal (https://lnkd.in/gz8dC-UJ). It is a website similar to the COWIN portal that enables students to book Immuno Booster Homeo Medicine, a Kerala Government initiative as part of the post-COVID school reopening process.
As per my findings, it leaks very sensitive information such as government official login credentials, student personnel, and sensitive data like Aadhaar card, address, contact details, age, school, etc.
I reported this vulnerability on 27-10-2021 and now the vulnerability is patched by the concerned authority.
Link to detailed technical report: https://lnkd.in/ggM5KnuJ