The Tech Crisis Deepens: CBSE Takes a Major U-Turn, Admits Critical Flaws After Gen-Z Whistleblowers Sound the Alarm

Just days after flatly denying any security compromises, the Central Board of Secondary Education (CBSE) has officially reversed its stance. On Sunday, May 31, 2026, the board admitted that major vulnerabilities did indeed exist within its digital evaluation infrastructure.

The security crisis escalated rapidly from what CBSE initially brushed off as a "testing site rumor" into a full-scale cybersecurity fire drill, drawing intervention from elite government tech bodies and the Indian Institutes of Technology (IITs).

From "Fake News" to National Security Intervention

The controversy began when 19-year-old ethical hacker Nisarga Adhikary published a detailed technical breakdown exposing how CBSE’s newly rolled out On-Screen Marking (OSM) portal was virtually left wide open.

While the board initially claimed the screenshots were merely from an internal testing URL filled with mock data, Adhikary countered with video proof showing a completely exposed "master password" hardcoded into the portal's frontend JavaScript bundle. This allowed him to bypass the OTP authentication layer entirely, view examiner details, and access what appeared to be live production data.

Things got even worse when a second student whistleblower, 17-year-old Sarthak Sidhant, published another blog post. Sidhant showed that an administrative portal could be accessed with the astonishingly weak password 123456, and alleged that an AWS S3 bucket containing 2026 answer sheets and question papers was entirely unauthenticated, meaning anyone with the link could list, paginate through, and download millions of student booklets.

What Left the Gate Wide Open?

The technical oversights flagged by the teen researchers read like a textbook list of "what not to do" in modern web development:

Hardcoded Master Credentials: A master password sat in plain text inside the portal's publicly served JavaScript files, so every visitor's browser downloaded the secret along with the page.

Client-Side OTP Validation: The browser was effectively grading its own security test. Instead of the server verifying the OTP, the app checked it client-side, so anyone could open the browser's Developer Tools and force the app past the login screen without a valid code.

Publicly Listable Cloud Storage: The S3 bucket's access controls permitted anonymous access, so an unsigned ListObjectsV2 request succeeded and returned the listing of entire directories of scanned student answer booklets, each of which could then be fetched by URL.

Broken Password Change: The "change password" API accepted a User ID and a new password and trusted both, requiring neither the account's current password nor any proof that the caller owned the account, so any account could be taken over.

CBSE's Damage Control Mode

Following immense public outcry and pressure from political leaders, CBSE posted an official update on X acknowledging the security gaps and thanking the ethical hackers for highlighting the weaknesses.

"We have been closely monitoring the vulnerabilities in the OnMark portal of our service provider that are being flagged in the public domain. An expert team of cybersecurity professionals has been deployed over the last few days from across various arms of the government as well as the IITs to fortify these systems, including taking them over to a more secure setup."

— CBSE Official Statement  

The board says the identified vulnerabilities have been contained and that the infrastructure is being moved to a more secure setup, with the stated aim of closing off further exploitable bugs.

Following the board’s public acknowledgment and the deployment of government cybersecurity forces, Adhikary posted on social media that his "work was done" and he had stopped testing the system, signaling a temporary truce in what has become one of India’s most high-profile student-led tech cleanups.

You can watch a detailed video report about the initial controversy surrounding the hack on the India Today News Report, which breaks down the specific technical claims made by the teenage researcher before the board's official U-turn.
