Ethical Hacker Alleges Master Password Exposure in CBSE Digital System

Ethical hacker Nisarga Adhikary said he discovered a master password and other serious vulnerabilities within the Central Board of Secondary Education digital evaluation system [1, 2].

These claims suggest a significant security failure in the Online System of Marking (OSM) used by India's primary national education board. If verified, the exposure of a master password could allow unauthorized access to sensitive student data and academic records, potentially compromising the integrity of national examinations.

Adhikary said he identified 45 vulnerabilities within the system ^[2]. According to the hacker, these flaws were discovered and reported months before the controversy became public ^[2]. He said his early warnings were ignored by the board, leaving the system exposed to potential breaches ^[2].

The vulnerabilities center on the OSM system, which the CBSE uses for the digital evaluation of student scripts [1, 2]. Adhikary said the exposure of a master password represents a critical failure in the system's architecture ^[1].

While the CBSE has not provided a detailed public rebuttal to every specific technical claim, the reports highlight a growing tension between independent security researchers and government institutions in India. Adhikary said he sought to protect the system by alerting the board early ^[2].

The scale of the reported issues—totaling 45 distinct vulnerabilities ^[2]—points to a systemic lack of security auditing. The master password exposure is the most severe of these claims, as such credentials typically grant administrative overrides that bypass standard security protocols ^[1].