- Type: Bug
- Resolution: Done
- Priority: Medium
- Affects Version/s: 3.4.0
- AMRIT Sprint 48, AMRIT Sprint 49
- ECD
- UAT

The application disables the ability to copy or paste text in https://uatamrit.piramalswasthya.org/ecd/login. While intended to prevent data leakage or content duplication, this is not an effective security measure and negatively impacts user experience and accessibility. Users can still bypass these restrictions using browser developer tools, keyboard shortcuts, or other means.

| Vulnerability Name | Vulnerable Point, Port or Parameter | CVE/CWE | CVSS Score | Overall Risk (Severity) | Mapping with OWASP Testing Checklist | Observation / Description | Impact | Recommendation | Reference | Steps to reproduce |
|---|---|---|---|---|---|---|---|---|---|---|
| Copy Paste | https://uatamrit.piramalswasthya.org/ecd/login | CWE-16 | 3.1 | Low | OWASP Client Side Testing | The application allows copying and pasting of credentials directly into the login form input fields. | Sensitive credentials may remain in the clipboard history, especially on shared or public devices. | Disable Clipboard Events on Password Fields | https://cwe.mitre.org/data/definitions/16.html | Step 1: While accessing the login page during the security assessment, we observed that Copy Paste functionality was enabled. |