Sunday, May 31


Days after a row erupted over a 19-year-old hacker exposing alleged vulnerabilities in the CBSE’s on-screen marking portal, the education board has stated it is “closely monitoring the situation” with a team of cybersecurity experts.

Taking to social media on Sunday, the Central Board of Secondary Education stated that it has deployed a team of cybersecurity professionals from the government and Indian Institutes of Technology (IITs) to fortify the portal.

“The identified vulnerabilities have been contained, and other exploitable weaknesses are being ruled out. We are grateful to all alert citizens and ethical hackers pointing out such weaknesses, and have gotten in touch with some of them directly,” said the statement issued by the board.

This statement from CBSE comes after 19-year-old Nisarga Adhikary claimed he was able to hack the OSM portal.

The “hobbyist cybersecurity researcher” stated that he was able to hack the system and identified serious lapses in the online portal.

In a detailed blog post published on his website and also shared on X, Nisarga said he had identified several major security flaws in the CBSE portal back in February and reported them to CERT-In.

He also claimed that the “master password” for the portal was readily accessible in the website’s JavaScript bundle.

As per Adhikary, the master password would allow the OTP page to be skipped, compromising the authentication system.

Speaking to Hindustan Times, the 19-year-old added that the master password enabled him to bypass all security protocols.

“I started examining the special logic for username, password, and OTPs and how it’s processed. When examining that, I found a master password. After a bit of reading the code, I saw that the master password can bypass all the security protocols and open the dashboard directly,” he told HT, adding that this access was enough for anyone to alter marks on the system.

Following CBSE’s statement, Adhikary posted a reaction stating that the education board had admitted to the flaws in the system. The post made on X, however, has now been deleted.


