NEW DELHI: Fresh allegations of massive cybersecurity lapses, data exposure and administrative failures have deepened the controversy surrounding CBSE's On Screen Marking (OSM) system, with activists now approaching National Human Rights Commission (NHRC) for urgent intervention to protect students' educational rights, amid continuing disruptions in the board's post-exam processes.
Security Vulnerabilities Exposed
The latest row erupted after independent developers and ethical hackers publicly claimed that sensitive student data, scanned answer sheets and question papers linked to CBSE's digital evaluation infrastructure were exposed online because of serious security vulnerabilities. Android developer Sidharth posted on X: 'Almost every single OnMark portal built by EduTek is fundamentally insecure, and CBSE is lying to you about the safety of student data. We found default passwords, URL-based RCEs, and raw MD5 hashes. Millions of students are at risk.'
Separately, 19-year-old software engineer Nisarga Adhikary alleged on X that CBSE-linked storage systems had been left openly accessible online. 'CBSE people didn't configure their AWS bucket (a public cloud storage container) properly and now we can paginate & enumerate all their media which has 2026 answer sheets & question papers,' he said, claiming 'anyone on the internet can download any scanned booklet'. Earlier, Adhikary had claimed that he had breached parts of CBSE's digital evaluation infrastructure and flagged alleged security vulnerabilities linked to the OnMark portal.
CBSE's Response
However, CBSE on Sunday said vulnerabilities detected in the portal operated by its service provider had been 'contained'. The board did not provide further details on the extent of the data exposure or measures taken to prevent future breaches.
Activists have now approached the NHRC, seeking an investigation into the lapses and demanding accountability to safeguard students' educational rights. The commission is yet to respond to the plea.
