The Central Board of Secondary Education (CBSE) confirmed security vulnerabilities in its OnMark mock examination portal after a cybersecurity researcher exposed the flaws [1].
This admission follows days of denial by the board and highlights significant risks to the integrity of student data and examination materials in India's digital education infrastructure [1].
A 19-year-old cybersecurity researcher reported the issue to the board [1]. The researcher discovered that an improperly configured cloud storage bucket had exposed exam booklets, allowing unauthorized access to sensitive materials [1], [2].
Following the report, CBSE announced a comprehensive security overhaul to secure the system [2]. The board said it is deploying specialized teams from the Indian Institutes of Technology (IITs) and government agencies to address the vulnerabilities [2].
The OnMark portal is used for the evaluation of mock examinations. The exposure of booklets via cloud storage suggests a failure in basic security configurations, a common point of failure in large-scale digital migrations [1], [2].
CBSE did not provide a specific timeline for the completion of the security updates but said that the collaboration with government experts is underway to prevent future breaches [2].
“CBSE admitted that its mock examination portal (OnMark) had security vulnerabilities”
The incident underscores the tension between the rapid digitization of India's education system and the lagging implementation of robust cybersecurity protocols. By relying on a 19-year-old researcher to find a basic cloud misconfiguration, the CBSE reveals a gap in its internal auditing processes. The involvement of IITs suggests the board is moving toward a more academic and rigorous security framework to restore public trust in its digital evaluation tools.
