Days after a row erupted after a 19-year-old hacker exposed the alleged vulnerabilities in the CBSE’s on-screen marking portal, the education board has stated it is “closely monitoring the situation” with a team of cybersecurity experts.
Taking to social media on Sunday, the Central Board of Secondary Education stated that it has deployed a team of cybersecurity professionals from the government and Indian Institutes of Technology (IITs) to fortify the portal.
Also Read | Gen-Z blog explodes: How 17-yr-old Sarthak’s investigation of CBSE OSM tenders became centrepiece of a mega row
“The identified vulnerabilities have been contained, and other exploitable weaknesses are being ruled out. We are grateful to all alert citizens and ethical hackers pointing out such weaknesses, and have gotten in touch with some of them directly,” said the statement issued by the board.
This statement from CBSE comes after a 19-year-old Nisarga Adhikary claimed he was able to hack the OSM portal.
The “hobbyist cybersecurity researcher” stated that he was able to hack the system and identified serious lapses in the online portal.
In a detailed blog post published on his website and also shared on X, Nisarga said he had identified several major security flaws in the CBSE portal back in February and reported them to CERT-In.
Also Read | Needless ‘Class 12 result soon’ teasing, OSM, hacking row: CBSE’s May mess-ups, clarifications
He also claimed that the “master password” for the portal was readily accessible in the website’s JavaScript bundle.
As per Adhikary, the master password would allow the OTP page to be skipped, comprising the authentication system.
Speaking to Hindustan Times, the 19-year-old added that the master password enabled him to bypass all security protocols.
“I started examining the special logic for username, password, and OTPs and how it’s processed. When examining that, I found a master password. After a bit of reading the code, I saw that the master password can bypass all the security protocols and open the dashboard directly,” he told HT, adding that this access was enough for anyone to alter marks on the system.
He added that he was able to deface site, make new pages and fill them with anime and memes, and was able to access all scanned answer sheets with the master password.
‘My work is done’
Following CBSE’s statement, Adhikary posted a reaction stating that the education board had admitted to the flaws in the system. The post made on X was deleted and then re-uploaded.
However, speaking to HT, the 19-year-old stated that his “work was done,” ever since the board stated that it would be looking into the lapses in the system. He added that he did not try to hack OSM portal after CBSE’s tweet today.
Source link
#CBSE #monitors #issues #OSM #portal #hacker #work
