Student Exposes Major Security Flaw in CBSE Exam Portal
'Big Blunder': How a Class 12 CBSE student exposed a security flaw in a national exam portal
Moneycontrol
Nisarga Adhikary, a 19-year-old student from Siliguri, West Bengal, uncovered significant security vulnerabilities in the CBSE's new digital evaluation portal during his Class 12 exams. His findings led to a responsible disclosure effort involving India's cyber emergency agency, CERT-In, and ultimately resulted in the portal being taken offline.
- Adhikary discovered a hardcoded master password in the CBSE exam portal's JavaScript files, which could be accessed through a simple search.
- He reported multiple vulnerabilities to CERT-In, including issues with OTP validation and access controls, but claimed that most were not addressed.
- CBSE denied any systemic hack, stating the portal was merely a testing site, a claim disputed by security experts.
- The incident highlights ongoing concerns about cybersecurity practices in educational systems handling sensitive data.
- Adhikary's efforts were driven by curiosity and a commitment to ethical hacking, despite receiving little response from the authorities.
During his Class 12 examinations, 19-year-old Nisarga Adhikary from Siliguri, West Bengal, explored a newly launched digital evaluation portal for the Central Board of Secondary Education (CBSE). His curiosity led to the discovery of serious security flaws, including a hardcoded master password in the portal's JavaScript files. After reporting these vulnerabilities to the Indian Computer Emergency Response Team (CERT-In), Adhikary's findings prompted a public outcry, resulting in the portal being taken offline.

While CBSE insisted that the portal was a testing site and not compromised, security experts challenged this assertion, noting that vulnerabilities remained unpatched. This incident underscores the critical need for improved cybersecurity measures in educational platforms. Adhikary, who has experience in ethical hacking, expressed frustration over the lack of response from the authorities and emphasized that such basic security flaws are prevalent across many systems. His commitment to responsible disclosure highlights the role of individuals in identifying and addressing cybersecurity risks.
The incident raises significant concerns about the security of educational data systems, potentially affecting students' personal information.