![\"CBSE](\"https:\/\/static.toiimg.com\/thumb\/msid-131330686,imgsize-48436,width-400,height-225,resizemode-4\/cbse-osm-portal-hack.jpg\" "\\"CBSE's")
<\/div>\n<\/div>\n<\/div>\nNEW DELHI: Even as the Central Board of Secondary Education (CBSE) continues facing criticism over answer sheet mix-ups, portal crashes and payment glitches in the Class 12 post-result process, a fresh controversy has now emerged around the security of its newly introduced On-Screen Marking (OSM) system.A 19-year-old cybersecurity researcher, Nisarga Adhikary, has alleged that he discovered multiple critical vulnerabilities in CBSE\u2019s OSM portal that could potentially allow unauthorised access to examiner accounts, password resets and even modification of students\u2019 marks. The claims, published in a detailed technical blog post and amplified widely on X, have triggered fresh concerns over the board\u2019s digital preparedness after weeks of complaints from students over mismatched answer sheets, blurred scans and evaluation discrepancies.Teen researcher details alleged flaws in CBSE evaluation portal<\/span>In his blog titled \u201cExposing Critical Vulnerabilities in CBSE\u2019s On-Screen Marking Portal<\/a>\u201d, Adhikary claimed he discovered the issues on February 25 and reported them to CERT-In before making them public.\u201cI was able to log in as an examiner and reach the evaluation dashboard, where I could view and edit marks,\u201d he wrote.According to the blog, the alleged vulnerabilities included a \u201chardcoded master password\u201d visible inside the portal\u2019s JavaScript bundle, client-side OTP validation, missing route protections, password reset flaws and what he described as a \u201csystemic IDOR vulnerability\u201d.<\/p>\n \u201cOne of the hardest things was not exploitation,\u201d he wrote, \u201cThe hardest part was reading a JavaScript file and editing a couple of values in DevTools.\u201dAdhikary also alleged that OTP verification was effectively meaningless because \u201cthe browser grades its own test\u201d.\u201cA security control that runs on the attacker\u2019s machine isn\u2019t a control at all,\u201d he wrote.Claims surface amid growing scrutiny of OSM rollout<\/span>The controversy comes days after CBSE admitted that a Delhi student, Vedant Shrivastava, had received another student\u2019s Physics answer sheet under his roll number due to a technical error in the OSM-linked scanning process.The board later acknowledged the mistake and sent the correct answer sheet to the student.The OSM system was introduced for Class 12 evaluations this year as part of CBSE\u2019s push towards digital assessment and faster post-result processing.Software engineer Deedy Das, reacting to Adhikary\u2019s findings on X, wrote: \u201cA 19-year old broke into India\u2019s largest high school examination system of 2M+ students a year, the CBSE, and was able to view and CHANGE any students\u2019 marks.\u201dDas added that the researcher had responsibly disclosed the vulnerabilities months earlier and claimed \u201cnot much has changed\u201d despite previous warnings about similar flaws in CBSE systems.CERT-In informed, website later taken offline<\/span>Adhikary said he reported the vulnerabilities to CERT-In and received an acknowledgement reference number. According to his blog<\/a>, only some issues were fixed initially.\u201cMost of the vulnerabilities I reported went unpatched for a long time,\u201d he wrote.Soon after the claims gained traction online, the OSM portal became inaccessible temporarily, with users reporting that the website had been taken offline.Disclaimer: The claims regarding vulnerabilities in CBSE\u2019s On-Screen Marking (OSM) portal are based on statements made by cybersecurity researcher Nisarga Adhikary and publicly available information. CBSE has not officially confirmed the extent or impact of the alleged security flaws at the time of publication. CBSE and CERT-In responses, if any, will be updated as they become available.<\/span><\/div>\n![\"CBSE](\"https:\/\/static.toiimg.com\/photo\/msid-131330725\/cbse-cybersecurity-flaw.jpg\" "\\"\\"")
<\/div>\n<\/div>\n