Student Detects Vulnerability in Indian Certificate of Secondary Education Website
The news could be unsettling for students as well as professionals who are associated with Indian certificate of Secondary Education Board as reports from sources confirms that the Board’s website is vulnerable to security frauds and there are lacunae that could be manipulated to access various sensitive data. The claim was made by a class XI student from Rajkot who tried to hack the website to determine if the website is secured enough to access confidential information. According to the report the website of the Indian Certificate of Secondary Education (ICSE) website is inflicted with cross-site scripting (XSS) vulnerability that can easily be manipulated to access the confidential information.
Monark Modi, the young web security enthusiast, told TOI that he was checking the central board results for class X earlier this month. “At that time, I came across a glitch that I could exploit with a simple authentication bypass technique. Once I entered the dashboard, I could see pages containing the results of 13,000 students. I was shocked as with the proper knowledge, it could have been manipulated by someone,” He said According to a report by an online security major, cross-site scripting was found to be a reason for security vulnerability in 84% of cases. Experts say that better coding and monitoring cookies and scripts active at the time of functioning can reduce the risk.
Modi said that he has so far reported XSS related glitches to more than 12 sites of various industries. “More often than not, the company officials invest in designs and features and ignore the security aspect. In major websites where hundreds or thousands visit every day, it can lead to instances ranging from identity theft to financial fraud,” he said.
Source: The Times of India