Exposing Critical Vulnerabilities in CBSE's On-Screen Marking Portal

https://ni5arga.com/blog/posts/hacking-cbse/

Comments

arnavpraneetMay 26, 2026, 12:26 PM
To note, this is the largest board of education in India, the most populous country in the world - some 29,000 schools are affiliated to it and millions of students enrolled in a curriculum designed and controlled by the CBSE
triceratopsMay 26, 2026, 3:48 PM
Big oof.

A master password shipped in client-side JS.

A fake OTP authentication process - "the server sends the OTP back...and the [client code] compares what you typed against that value locally before letting you through"

And it gets worse after that.

crossroadsguyMay 27, 2026, 2:04 AM
These are features in our land of the brave.
random_ind_dudeMay 26, 2026, 2:47 PM
India's education sector is a real shit-show. The rot starts at the bottom: students that resort to cheating, the endless question paper leaks of national level examinations, and curricula that are stuck in the past. All these lead to the problem that affects the country's economic and social development: a lack of foundational research in frontier science and technology, where the country is always a follower and never a leader.

Maybe these things are to be expected, given that even the Prime Minister's academic credentials are suspected to be bogus.

darth_avocadoMay 26, 2026, 3:31 PM
> rot starts at the bottom: students that resort to cheating, the endless question paper leaks of national level examinations, and curricula that are stuck in the past. All these lead to the problem that affects the country's economic and social development

What you’re mentioning is purely the results of an economic system that incentivizes everyone to behave in a certain way. Upward mobility is non existent for a billion people and the only way to get a chance to that upward mobility is an arbitrary exam which pretty much seals the fate for the majority of the masses. And we’re not talking about a luxurious living we’re talking about an opportunity to just make a living and avoid abject poverty. And you’re blaming the people for doing whatever it takes? The rot is the system, not the people being forced to use it as it’s designed.

random_ind_dudeMay 26, 2026, 3:51 PM
The system doesn't exist independent of the people. If those who are harmed do not punish the offenders, the offenders will see no reason to change their behaviour.
darth_avocadoMay 26, 2026, 4:28 PM
You’re putting too much agency into people that have very little or none. It’s easy to dismiss everything as “people are part of the system” but institutions are difficult to change in a democracy. You can riot in the streets, vote out a government and replace the people in charge, but the institutions in place will remain in place. The only way to fix it is to have elected representatives do their jobs, and you know how that turns out.
random_ind_dudeMay 26, 2026, 7:24 PM
They do have the power to change things. Institutions can be made more accountable. The people just chose the option to continue with the status quo.
yummybrainzMay 26, 2026, 2:08 PM
It's getting real hard to apply Hanlon's razor ("assume ignorance before malice") when it comes to egregious incompetence like this.

I wonder if this particular backdoor (front door?) has been used before; perhaps there are black-hat services that sell grade upgrades.

varun_chMay 26, 2026, 1:51 PM
This is unbelievable!! At a certain point surely doing things the right way would be easier or more clearly correct? Like, if you were implementing this you’d obviously know that it’s insecure right??
albert_eMay 26, 2026, 3:07 PM
Denials already issued

Counter claims too

https://x.com/ni5arga/status/2059280940044800050

albert_eMay 26, 2026, 3:24 PM
It gets better (worse?)

https://x.com/ni5arga/status/2059289355525767557?s=20

crossroadsguyMay 27, 2026, 2:20 AM
While we are at it I shall share another masterstroke by the CBSE https://x.com/SiddharthKG7/status/2059189433170325530
random_ind_dudeMay 26, 2026, 3:45 PM
Damn. I hope he/she remains safe. India's administration is stupid and extremely vindictive.
ni5argaMay 26, 2026, 5:40 PM
Author here, thanks for posting about it :)