CBSE Hacking Row Explodes: Board Denies OSM Breach, Teen Hacker Disputes ‘Testing Site’ Claim

The Central Board of Secondary Education (CBSE) has rejected claims of a security breach in its On-Screen Marking (OSM) portal, used for evaluating Class 12 board exams for nearly two million students. A 19-year-old cybersecurity enthusiast, Nisarga Adhikary, claimed to have identified critical vulnerabilities in the system, sparking widespread concern after the CBSE website briefly crashed on Tuesday. CBSE clarified that the compromised URL, cbse.onmarks.co.in, was a testing site with sample data, not the live evaluation platform. The Board emphasized that the actual evaluation portal, with a different URL, remains secure and unaffected. Despite this, Adhikary argued that his earlier warnings—submitted three months prior—were only partially addressed, and he highlighted flaws such as a master password exposed in a publicly accessible JavaScript file, which could bypass authentication. The hacker’s findings suggested potential risks to exam integrity, including tampering with grades. Tech investor Deedy Das criticized the situation on social media, calling it an embarrassment and questioning the competence of those managing the system. CBSE insists no actual vulnerabilities have been reported in the live evaluation process, which was introduced this year to enhance transparency. Adhikary later claimed that even the new URL provided by CBSE still contained technical flaws, reigniting debates about cybersecurity preparedness and digital safeguards in India’s largest examination system. The controversy underscores ongoing concerns about the security of student data and the reliability of digital evaluation methods.