19-year-old claims CBSE portal hack, board denies breach

A 19-year-old cybersecurity researcher named Nisarga has claimed to have exploited multiple vulnerabilities in the Central Board of Secondary Education’s Online Services Management (OSM) portal in February 2024. The alleged issues include hardcoded passwords, weak authentication, client-side OTP validation, weak route protection, password reset flaws, and Insecure Direct Object Reference (IDOR) vulnerabilities that could allow user impersonation.

CBSE’s Denial

CBSE has denied any compromise of its actual evaluation portal, stating that the referenced URL was a testing site with sample data and no live information. The board emphasized that no real data was at risk.

Government Intervention

The Union Education Ministry has taken the matter seriously and deployed experts from IIT Madras and IIT Kanpur to audit the OSM system’s technical infrastructure. The audit aims to identify and rectify any potential weaknesses in the portal’s security.

Researcher’s Claims

Nisarga, a cybersecurity enthusiast, reported the vulnerabilities to the Indian Computer Emergency Response Team (CERT-In) after discovering them. The researcher’s claims highlight the importance of robust security measures in educational portals that handle sensitive data.
