A teenager cybersecurity researcher's blog post unveils major vulnerabilities in the CBSE website, claiming that he hacked the board's On-Screen Marking portal and then even reported it them to the CERT-In back, this year in February. The 19-year-old, Nisarga Adhikary, wrote the issue in his blog, posted on his website on May 22. The issue got into the spotlight after tech entrepreneur Deedy Das post went viral.
Nisarga, in his blog post, had claimed that several of those issues remained unpatched for months."
“I had hacked CBSE's OSM (On-Screen Marking Portal) in February and had reported the vulnerabilities to CERT-In, but they were unable to patch most of them,” wrote Nisarga in his X handle post.
Highlighting Nisarga’s tweet, Deedy highlighted it and said, “A 19-year-old broke into India's largest high school examination system of 2M+ students a year, the CBSE, and was able to view and CHANGE any students' marks. He responsibly wrote to the team 3 months ago, and it took them 3 days to fix only one of the issues. Today, they took the entire website down.”
“This is an absolute embarrassment. The futures and lives of millions rest in the hands of the utterly incompetent. There is also no mass media reporting on the matter,” the post further read.
“This topic is close to me because not only is this the education system I went through, but 12 years ago, and silently for 5 years since, I'd written about and reported a much less severe vulnerability, allowing me to scrape these results too. More than a decade later, not much has changed,” it added.
Examining glitches, says IIT Madras Director —
Meanwhile, IIT Madras Director V Kamakoti on Tuesday said a four-member team from the institute and IIT Kanpur has begun examining the recent glitches in the CBSE portal, including payment failures and allegations related to answer sheet uploads.
Kamakoti said the team started examining the issue on Monday evening, and the primary focus is to determine the exact cause of the disruption.
"There was an issue for around two days. So what was the actual reason for the failure? Was it some development issue, technical issue, or was it even a cyber attack? Because anything is possible. So that is what we want to basically find out so that it doesn't recur in future," he said.
He also said the Central Board of Secondary Education's (CBSE) portal had remained stable for the last "72 hours-plus".
Follow us
