CBSE Acknowledges Security Flaws in Evaluation Portal Following Ethical Hacker’s Claims

New Delhi | The Central Board of Secondary Education (CBSE) is facing heightened scrutiny regarding its digital evaluation system after a 19-year-old ethical hacker, Nisarga Adhikary, publicly disclosed significant security vulnerabilities in the board’s on-screen marking infrastructure. Following these revelations, CBSE confirmed the existence of weaknesses in a portal managed by its service provider and announced that corrective measures are currently in progress to enhance the platform’s security.

Allegations of Security Flaws

The situation escalated when Adhikary took to social media and his blog to assert that the OnMark portal, integral to CBSE’s On-Screen Marking (OSM) system, harbored multiple security flaws. He claimed that these vulnerabilities could potentially facilitate unauthorized access to various evaluation-related resources. Notably, he pointed out that a misconfigured cloud storage bucket had exposed scanned answer sheets and question papers, thereby rendering sensitive educational content accessible online.

The allegations quickly garnered widespread attention across social media and educational communities, raising alarms about the security of student records and examination data. In response, CBSE issued a statement indicating that it had been closely monitoring the vulnerabilities highlighted in public discussions.

Immediate Response and Corrective Actions

CBSE stated that it had initiated immediate corrective actions following the identification of these weaknesses. The board emphasized that safeguarding examination-related data is a top priority and that all reported issues are being thoroughly reviewed. To bolster the platform’s security, CBSE is in the process of migrating the system to a more secure infrastructure.

A team of cybersecurity professionals from various government institutions and Indian Institutes of Technology (IITs) has been deployed to conduct a comprehensive security assessment. These experts are tasked with examining the platform for vulnerabilities, evaluating potential risks, and implementing additional safeguards to enhance overall system resilience.

In a significant acknowledgment, CBSE expressed appreciation for ethical hackers and citizens who responsibly report security concerns. The board noted that individuals who identify and disclose vulnerabilities play a crucial role in strengthening digital security and confirmed that it had reached out to some of those who brought the issues to its attention.

Clarifications on the Evaluation Environment

CBSE clarified that the URL highlighted in social media discussions was not part of the live evaluation environment used for actual answer-sheet assessments. Instead, it was a testing environment containing sample data, not the production system utilized during real examinations. Despite this clarification, CBSE recognized the seriousness of the concerns and announced that a detailed technical review had been initiated.

Broader Implications for Data Security in Education

This incident has reignited a broader debate concerning data security and the reliability of digital evaluation systems within India’s education sector. Millions of students participate in CBSE examinations annually, with answer sheets, marks, and personal information increasingly processed through digital platforms. Consequently, any potential security lapse is perceived not merely as a technical issue but as a matter involving privacy, trust, and institutional accountability.

The controversy has also drawn political attention, with opposition leaders voicing concerns over student privacy and the protection of educational records. Education experts, cybersecurity professionals, and parents have called for independent security audits to ensure that student data remains adequately protected.

Expert Opinions on Cybersecurity Measures

Cybersecurity specialists argue that large digital platforms handling sensitive information should undergo regular penetration testing, third-party audits, and responsible disclosure programs. A researcher at Algoritha Security emphasized that robust technological infrastructure must be complemented by continuous monitoring and proactive risk management. Timely identification and remediation of vulnerabilities are essential indicators of a mature cybersecurity framework.

For now, CBSE has assured stakeholders that all security-related concerns are being examined and that necessary measures are being implemented to enhance the safety of its evaluation ecosystem. Students, parents, educators, and policymakers across the country are now awaiting the findings of the ongoing review and the long-term reforms that may arise from it.

Source: the420.in

Keep reading for the latest cybersecurity developments, threat intelligence and breaking updates from across the Middle East.