Hacker NewsHacker News
Exposing Critical Vulnerabilities in CBSE's On-Screen Marking Portal
40 points by dsr12 7 hours ago | 10 comments
triceratops 13 minutes ago
Big oof.

A master password shipped in client-side JS.

A fake OTP authentication process - "the server sends the OTP back...and the [client code] compares what you typed against that value locally before letting you through"

And it gets worse after that.

reply
arnavpraneet 4 hours ago
To note, this is the largest board of education in India, the most populous country in the world - some 29,000 schools are affiliated to it and millions of students enrolled in a curriculum designed and controlled by the CBSE
reply
random_ind_dude 2 hours ago
India's education sector is a real shit-show. The rot starts at the bottom: students that resort to cheating, the endless question paper leaks of national level examinations, and curricula that are stuck in the past. All these lead to the problem that affects the country's economic and social development: a lack of foundational research in frontier science and technology, where the country is always a follower and never a leader.

Maybe these things are to be expected, given that even the Prime Minister's academic credentials are suspected to be bogus.

reply
darth_avocado 30 minutes ago
> rot starts at the bottom: students that resort to cheating, the endless question paper leaks of national level examinations, and curricula that are stuck in the past. All these lead to the problem that affects the country's economic and social development

What you’re mentioning is purely the results of an economic system that incentivizes everyone to behave in a certain way. Upward mobility is non existent for a billion people and the only way to get a chance to that upward mobility is an arbitrary exam which pretty much seals the fate for the majority of the masses. And we’re not talking about a luxurious living we’re talking about an opportunity to just make a living and avoid abject poverty. And you’re blaming the people for doing whatever it takes? The rot is the system, not the people being forced to use it as it’s designed.

reply
random_ind_dude 11 minutes ago
The system doesn't exist independent of the people. If those who are harmed do not punish the offenders, the offenders will see no reason to change their behaviour.
reply
albert_e 54 minutes ago
Denials already issued

Counter claims too

https://x.com/ni5arga/status/2059280940044800050

reply
albert_e 37 minutes ago
reply
random_ind_dude 16 minutes ago
Damn. I hope he/she remains safe. India's administration is stupid and extremely vindictive.
reply
varun_ch 3 hours ago
This is unbelievable!! At a certain point surely doing things the right way would be easier or more clearly correct? Like, if you were implementing this you’d obviously know that it’s insecure right??
reply
yummybrainz 2 hours ago
It's getting real hard to apply Hanlon's razor ("assume ignorance before malice") when it comes to egregious incompetence like this.

I wonder if this particular backdoor (front door?) has been used before; perhaps there are black-hat services that sell grade upgrades.

reply