CBSE clarified that the portal used for evaluation answer sheets has a different URL than the one visible on the teenager’s screenshots.

The Central Board of Secondary Education (CBSE) on Tuesday rubbished reports claiming major vulnerabilities with the agency’s On Screen Marking (OSM). The reports were based on claims made by a 19-year-old ‘hacker’ alleging “vulnerabilities” on social media.

Nisarga Adhikary, a 19-year-old hobbyist cybersecurity researcher who finished his Class 12 exams this year, claimed to have hacked the CBSE website and found severe loopholes in the OSM system. While his post on X, dated May 22, did not attract much attention earlier, tech entrepreneur Deedy Das spotted and re-shared it on his handle.

However, CBSE said that the URL seen on Adhikary’s screenshots is different than the actual OSM portal’s URL. The board said that the teen found the alleged issues on a testing site.

What happened?
“A 19-year old broke into India’s largest high school examination system of 2M+ students a year, the CBSE, and was able to view and CHANGE any students’ marks,” Deedy Das wrote on X.

In a lengthy blog post, Adhikary claimed that despite reporting the vulnerabilities to CERT-In on time, the education board did not fix them.

“He responsibly wrote to the team 3 months ago, and it took them 3 days to fix only one of the issues. Today, they took the entire website down,” Das said, calling the situation an “absolute embarrassment”.

CBSE responds
Responding to Adhikary’s claims, CBSE clarified that the portal used for evaluation answer sheets has a different URL than the one visible on the teenager’s screenshots. They said the alleged issues that Adhikary claims to have found were from a “testing site”.

“At the outset, it is clarified that the Portal used for evaluation of answer-books bore a different URL, which has neither been compromised nor does it have the vulnerabilities indicated in the said social media post. The URL: http://cbse.onmarks.co.in is the testing site only with sample data for internal testing and review purposes,” CBSE said in a post on X.

The education board affirmed that no security breaches have come to light on the OSM portal deployed for the actual evaluation work.

CBSE further stated that the OSM system was implemented for enhanced transparency in evaluation, “with strong grievance redressal mechanisms built into it.”