Exposing Critical Vulnerabilities in CBSE's On-Screen Marking Portal
dsr12
46 points
15 comments
May 26, 2026
Discussion Highlights (7 comments)
arnavpraneet
To note, this is the largest board of education in India, the most populous country in the world - some 29,000 schools are affiliated to it and millions of students are enrolled in a curriculum designed and controlled by the CBSE.
varun_ch
This is unbelievable!! At a certain point surely doing things the right way would be easier or more clearly correct? Like, if you were implementing this you’d obviously know that it’s insecure right??
yummybrainz
It's getting real hard to apply Hanlon's razor ("assume ignorance before malice") when it comes to egregious incompetence like this. I wonder if this particular backdoor (front door?) has been used before; perhaps there are black-hat services that sell grade upgrades.
random_ind_dude
India's education sector is a real shit-show. The rot starts at the bottom: students that resort to cheating, the endless question paper leaks of national level examinations, and curricula that are stuck in the past. All these lead to the problem that affects the country's economic and social development: a lack of foundational research in frontier science and technology, where the country is always a follower and never a leader. Maybe these things are to be expected, given that even the Prime Minister's academic credentials are suspected to be bogus.
albert_e
Denials already issued. Counter claims too: https://x.com/ni5arga/status/2059280940044800050
triceratops
Big oof. A master password shipped in client-side JS. A fake OTP authentication process - "the server sends the OTP back...and the [client code] compares what you typed against that value locally before letting you through". And it gets worse after that.
ni5arga
Author here, thanks for posting about it :)