NEW DELHI: Fresh allegations of massive cybersecurity lapses, data exposure and administrative failures have deepened the controversy surrounding CBSE's On Screen Marking (OSM) system, with activists now approaching the National Human Rights Commission for urgent intervention to protect students' educational rights, amid continuing disruptions in the board's post-exam processes.
Security Vulnerabilities Exposed
The latest row erupted after independent developers and ethical hackers publicly claimed that sensitive student data, scanned answer sheets and question papers linked to CBSE's digital evaluation infrastructure were exposed online because of serious security vulnerabilities. Android developer Sidharth posted on X: "Almost every single OnMark portal built by EduTek is fundamentally insecure, and CBSE is lying to you about the safety of student data. We found default passwords, URL-based RCEs, and raw MD5 hashes. Millions of students are at risk."
Separately, 19-year-old software engineer Nisarga Adhikary alleged on X that CBSE-linked storage systems had been left openly accessible online. "CBSE people didn't configure their AWS bucket (a public cloud storage container) properly and now we can paginate and enumerate all their media which has 2026 answer sheets and question papers," he said, claiming "anyone on the internet can download any scanned booklet."
Vulnerabilities Contained, Claims CBSE
Earlier, Nisarga Adhikary had claimed that he had breached parts of CBSE's digital evaluation infrastructure and flagged alleged security vulnerabilities linked to the OnMark portal. However, CBSE Sunday said vulnerabilities detected in the portal operated by its service provider had been "contained" and that cybersecurity specialists from multiple government agencies and IITs had been deployed to strengthen systems. The board said it had been actively monitoring vulnerabilities being highlighted in public forums and thanked "ethical hackers" for flagging weaknesses. However, CBSE did not respond to specific queries regarding the alleged AWS exposure claims.
NHRC Petition Filed
Advocate and activist Anubha Shrivastava Sahai has written to NHRC urging it to take suo motu cognisance of the issue and warning that ongoing OSM failures could jeopardise admissions, scholarships and educational opportunities for thousands of students. She also asked NHRC to seek reports from CBSE and the education ministry, direct creation of alternative grievance mechanisms, ensure deadline relaxations for affected students, and prevent any candidate from losing opportunities because of technological failures.
