The controversy over the On-Screen Marking System (OSM) of the Central Board of Secondary Education (CBSE) is not stopping. After Class 12 student Sarthak Siddhant exposed serious anomalies in this evaluation system and its tender process, now a professional cyber expert of the country has also exposed the security system of this system. Tirtha Parmar, a 22-year-old B.Tech student and ethical hacker from Rajkot, Gujarat, has claimed that CBSE’s OSM portal has many basic and serious technical flaws, due to which it is very easy to break into this entire digital infrastructure. According to Parmar, security standards have been badly ignored in this very sensitive evaluation system related to the future of the students.
Portal goes live without security audit? Ethical hacker raised serious questions on digital security
During a special conversation with news agency ANI, ethical hacker Tirtha Parmar made many shocking revelations. He claimed that CBSE skipped the mandatory ‘security audit’ before making this very important marking portal live. Due to this huge administrative and technical negligence, many such important ‘bugs’ were left open in the coding structure and server system of the portal, which could give control of the entire system to any outsider. Expressing surprise, Tirtha said that he had never imagined that such a serious and basic level of security bugs would be present in the official evaluation system of such a prestigious and large education board of the country.
Passwords were being downloaded just by guessing the URL, sensitive records of students were in danger.
Elaborating on the technical flaws of the portal, Tirtha Parmar said that it was very easy to break into this main server of CBSE and it did not require any very advanced hacking tools. Two very easy routes were open for illegal access to the system. Under the first method, some such files were publicly available on the portal, which any ordinary user could view. Within these files were stored the main database and administrative passwords of the entire marking system. Anyone could directly download those files by just guessing the URL and directly connect to the main server through that credential. Tirtha warned that by misusing this method, highly sensitive personal records of millions of students across the country, their exam marks and their digital answer sheets could have been easily accessed. The second method was to use all the unpatched security bugs, using which they themselves tested the system and breached the security.
Even after ringing alarm bells, CBSE administration remained silent, no official reply has come till now
After discovering this major flaw related to the future and data security of crores of students of the country, ethical hacker Teerth Parmar immediately took action, playing the role of a responsible citizen. He said that he had directly contacted the higher officials and technical team of CBSE with concrete proofs of all these serious technical deficiencies, coding bugs and database leaks. He had warned the board in writing about this entire danger so that it could be rectified in time. But it is a matter of great concern and surprise that even after being informed about such a huge digital security lapse, no response or official explanation has yet come from the CBSE Board. After the 12th class student Sarthak Siddhant, now the claims of this young hacker from Rajkot have put a big question mark on the credibility and confidentiality of CBSE’s digital marking system.
Comments are closed.