A teenage cybersecurity researcher’s blog post has exposed glaring vulnerabilities in the CBSE website, claiming that he hacked the board’s On-Screen Marking (OSM) portal and even reported it to the CERT-In (Indian Computer Emergency Response Team) back in February.
The 19-year-old, Nisarga Adhikary, claimed in a post dated May 22 that many of these issues remained unresolved for months. The issue came into the spotlight after tech entrepreneur Deedy Das’s post went viral. “I had hacked CBSE’s OSM in February and had reported the vulnerabilities to CERT-In, but they were unable to patch most of them,” Nisarga wrote in a post on his X handle.
Highlighting Nisarga’s tweet, Deedy said, “A 19-year-old broke into India’s largest high school examination system of 2M+ students a year, the CBSE, and was able to view and CHANGE any students’ marks. He responsibly wrote to the team three months ago, and it took them three days to fix only one of the issues. Today, they took the entire website down. This is an absolute embarrassment. The futures and lives of millions rest in the hands of the utterly incompetent. There is also no mass media reporting on the matter.”
Further highlighting the glaring gaps, Deedy added, “This topic is close to me because not only is this the education system I went through, but 12 years ago, and silently for 5 years since, I'd written about and reported a much less severe vulnerability, allowing me to scrape these results too. More than a decade later, not much has changed.”
Examining glitches: IIT Madras Director
IIT Madras Director V Kamakoti on Tuesday said a four-member team from the institute and IIT Kanpur has begun examining the recent glitches in the CBSE portal, including payment failures and allegations related to answer sheet uploads.
Kamakoti said the primary focus is to determine the exact cause of the disruption. “There was an issue for around two days. So what was the actual reason for the failure? Was it some development issue, technical issue or was it even a cyberattack? Because anything is possible. So that is what we want to basically find out so that it doesn't occur again,” he said.
Kamakoti said the CBSE portal was stable for the last “72 hours-plus”.