Days after a row erupted after a 19-year-old hacker exposed alleged vulnerabilities in CBSE’s on-screen marking portal, the education board said it is “closely monitoring the situation” with a team of cybersecurity experts.
The Central Board of Secondary Education, on social media on Sunday, said it has deployed a team of cybersecurity professionals from the government and Indian Institutes of Technology (IITs) to fortify the portal.
Read also | Gen-Z blog explodes: How 17-year-old Sarthak’s investigation into CBSE OSM tenders became focus of huge row
“The identified vulnerabilities have been contained, and other exploitable vulnerabilities have been eliminated. We are grateful to all the vigilant citizens and ethical hackers who pointed out these vulnerabilities, and we have reached out to some of them directly,” the board’s statement read.
This statement from CBSE comes after 19-year-old Nisarga Adhikary claimed that he was able to hack the OSM portal.
The “amateur researcher in the field of cybersecurity” stated that he was able to penetrate the system and detect serious vulnerabilities in the electronic portal.
In a detailed blog post published on his website and also shared on X, Nisarga said he had identified several major security flaws in the CBSE portal in February and reported them to CERT-In.
Read also | No need to tease ‘Class 12 result soon’, OSM, hacking class: CBSE chaos in May, clarifications
He also claimed that the portal’s “master password” was easily accessible in the site’s JavaScript package.
According to Adhikary, the master password will allow bypassing the OTP page, including the authentication system.
Speaking to Hindustan Times, the 19-year-old added that the master password enabled him to bypass all security protocols.
“I started by examining the logic of the username, password and one-time passwords (OTP) and how they are handled. Upon examining that, I found a master password. After a bit of reading the code, I saw that the master password could bypass all security protocols and directly open the dashboard,” he said, adding that this access was enough for anyone to change the flags on the system.
Following CBSE’s statement, Adhikary posted a reaction stating that the education board has acknowledged the flaws in the system. However, the post shared on X has now been deleted.
