DavaIndia Pharmacy recently suffered a significant security breach that compromised customer order details and granted unauthorized individuals full administrative access to their internal systems. The vulnerability was discovered by a security researcher who identified an exposed subdomain that allowed anyone to bypass authentication and control sensitive backend functions.

DavaIndia is a prominent Indian pharmacy retail chain managed by Zota Health Care Ltd. that specializes in providing affordable generic medicines to the public. By offering low-cost alternatives to expensive branded drugs, the company aims to make essential healthcare more accessible to a wide demographic across India. The brand operates through an extensive network of hundreds of franchised stores located in both urban and semi-urban regions throughout the country.

The business model of DavaIndia is built on a value-driven approach that includes the sale of prescription medications, over-the-counter products, and various wellness items at discounted rates. Because the chain handles a high volume of transactions and sensitive health data, its digital infrastructure is a critical component of its daily operations. This focus on affordability and wide-scale distribution has made it a major player in the Indian pharmaceutical retail market.

However, a serious security flaw was recently uncovered that put the company and its customers at risk. Security researcher Eaton Zveare found that a specific admin subdomain was left unprotected, effectively leaving the digital doors wide open. This oversight allowed for unauthenticated access to super-admin APIs, which are the powerful tools used to manage the entire platform. This meant that an outsider could potentially view private customer information or manipulate internal databases without needing a password.

The implications of this flaw were severe, as it provided full administrative control over the company's platform. Beyond just exposing personal data and order histories, the vulnerability put sensitive drug-control functions at risk. Such access could have allowed malicious actors to interfere with the integrity of the supply chain or the management of medications, posing a threat that extends beyond mere data privacy into the realm of public safety.

The discovery highlights a critical lapse in the cybersecurity protocols of a major healthcare provider. While the company focuses on making medicine more affordable, this incident serves as a reminder that digital security is just as important as physical accessibility. Protecting the internal systems that manage drug distribution and customer records is essential for maintaining the trust of the millions of people who rely on the chain for their healthcare need

Source: Security Flaw At DavaIndia Pharmacy Exposes Customers’ Data And More