HomeEverythingEducation
Equities & FundsCrypto & Digital AssetsAI & TechnologyBusiness & CorporateUS Politics & PolicyGeopolitics & Global RiskMacro, Rates & FXCommodities & EnergyEuropean Politics & MarketsAsia-PacificReal Estate & Property
Story archiveAll categories
← All Stories

IIT panel member: OSM portal lacked thorough security testing before deployment

Created at 11 Jun · 9:00 AM1 source↑ Market-relevant
IN SHORT

A member of an IIT panel auditing the CBSE's post-result system stated that the On-Screen Marking (OSM) portal, used for evaluating Class XII answer sheets, was not thoroughly tested for functionality and security vulnerabilities before its deployment. The panel's report to the Education Ministry is expected soon.

✉Newsletter

PiQ Daily

Pick your topics. Get only what matters, on your cadence.

Key Numbers

19-year-oldage of ethical hacker

Who's Involved

IIT panel
auditing the CBSE post-result ecosystem
CBSE
Central Board of Secondary Education, user of the OSM portal
IIT Madras
institution involved in the panel's audit
IIT Kanpur
institution involved in the panel's audit
Digital India Corporation (DIC)
agency involved in the audit
Nisarga Adhikary
ethical hacker who identified portal vulnerabilities
Coempt Eduteck
private IT service provider that created and managed the OSM portal

↳ Why This Matters

The findings highlight critical security and functionality gaps in a system handling sensitive student data, raising concerns about the integrity of digital evaluation processes and the reliance on third-party vendors for essential educational technology.

Key facts

  • The On-Screen Marking (OSM) portal for Class XII answer sheets was not thoroughly tested for functionality and security before deployment.
  • An IIT panel auditing the CBSE's post-result ecosystem found multiple vulnerabilities in the portal.
  • The panel's findings align with those of a 19-year-old ethical hacker who identified similar flaws.
  • The IIT panel is expected to submit its report with recommendations to the Education Ministry soon.
  • The CBSE currently lacks the in-house technical expertise to independently manage such large-scale digital systems.

A member of an IIT panel auditing the Central Board of Secondary Education's (CBSE) post-result system has stated that the On-Screen Marking (OSM) portal, utilized for evaluating Class XII answer sheets, did not undergo sufficient testing for functionality and security threats before its deployment.

The panel, formed after controversy surrounding the portal, is preparing to submit its findings and recommendations to the Education Ministry. Officials from IIT Madras and IIT Kanpur collaborated with CBSE and Digital India Corporation (DIC) to identify vulnerabilities within the CBSE's post-exam digital infrastructure.

Multiple security flaws were discovered in the original OSM portal, which had undergone an audit that the panel member described as not comprehensive enough. These vulnerabilities were also independently identified by 19-year-old ethical hacker Nisarga Adhikary, who noted issues such as OTP bypass and access to examiner accounts via a hardcoded password.

The IIT panel assisted in developing a new examiner-facing portal, built on the base code of the discontinued system, which is currently in use for answer sheet verification and re-evaluation. The panel member emphasized the need for rigorous security assessments, including penetration testing and Red Team-Blue Team exercises, for sensitive platforms.

Recommendations for deeper, multi-layered security audits will be included in the panel's report. While the ethical hacking incident exposed serious flaws, the panel member stated there is no evidence of student records being leaked or misused. The new portal is considered a "patchwork," and a more robust long-term solution is required. The panel member also noted that CBSE lacks the in-house technical expertise to manage such large-scale systems independently and must engage specialized external agencies, while retaining greater control over its data.

Frequently asked questions

The portal was not thoroughly tested for functionality and security vulnerabilities before its deployment, leading to the discovery of multiple critical flaws.

Both an IIT panel auditing the system and a 19-year-old ethical hacker named Nisarga Adhikary identified significant vulnerabilities.

According to the IIT panel member, there is no evidence to suggest that student records were leaked or misused, despite the ethical hacking incident.

The new portal is described as a "patchwork," indicating that while it is currently in use, a more robust and long-term solution will be necessary for future examination cycles.

What Happens Next

01The IIT panel is expected to submit its report and recommendations to the Education Ministry.
02A more robust, long-term solution for the digital evaluation system will be required.

Get the newsletter.

Pick the topics you actually care about. We'll email when there's news worth your time, on the cadence you choose. Cancel any time from your account.

Cadence

How It Developed

An IIT panel member stated the OSM portal was not thoroughly tested before deployment.
The panel found multiple vulnerabilities in the portal, some identified by an ethical hacker.
The IIT panel assisted in developing a new portal using the old system's base code.
Recommendations for multi-layered security audits will be included in the panel's report.
The panel member noted CBSE lacks in-house technical expertise for such systems.

Sources

T1
OSM portal was not 'thoroughly' tested for functionality and security threats before deployment: IIT panel memberThe Economic Times

Related Stories

Thousands of routers bricked after Australian government program ends
8 Jul · 6:15 PM
Hackers exploit AI hallucination to build botnets
8 Jul · 7:11 AM
OpenAI Staggers GPT 5.6 Release at US Government's Request
9 Jul · 5:20 AM
Lawsuit: Grok user created 7K child sex images; xAI accused of obstructing probe
8 Jul · 8:05 PM
Australian report: Women, university grads most at risk from AI job displacement
8 Jul · 9:50 AM