Got in within 30 minutes: Ethical hacker claims CBSE OSM breach
A Class 12 student says he reported vulnerabilities in CBSE's digital evaluation portal after allegedly accessing examiner-level functions. His claims, which remain unverified, have intensified questions over security, transparency and oversight in the board's post-result systems.
As questions continue around CBSE’s post-result process and allegations of mismatched answer sheets, a Class 12 student who describes himself as an ethical hacker says he had reported vulnerabilities in the board’s digital evaluation system months earlier.
In an interview with India Today TV, Nisarga Adhikahari, claimed he was able to gain access to examiner-level functions within a portal linked to answer sheet evaluation and had informed authorities in February. The claims have not been independently verified.
His account has surfaced at a time when the board is facing scrutiny over answer sheet access, re-evaluation requests and concerns raised by some students over the authenticity of scanned copies provided during verification.
'THE PORTAL RAISED MY CURIOSITY'
Adhikahari said he had been learning ethical hacking since his early teens and became interested after CBSE announced digital systems for parts of the evaluation process.
According to him, he examined publicly accessible website code and network requests connected to the portal.
“I was also appearing for Class 12 exams this year. When CBSE announced that everything would be digital, I became curious,” he said.
He alleged that within a short period he identified weaknesses in how login credentials were handled.
“The first vulnerability took around 30 minutes. Overall, maybe two or three hours,” he said.
CLAIMS OF EXAMINER ACCESS
Adhikahari alleged that after accessing the system, he was able to enter examiner accounts.
“I was impersonating an actual examiner, and I could do anything an examiner could do,” he said.
When asked whether this included entering marks, he responded: “Yes, I could put grades in there.”
He also claimed examiner contact details and other information linked to accounts were visible. The extent of access described by him has not been independently confirmed.
The allegations are significant because examiner portals, if compromised, could raise questions around data security, privacy and the integrity of digital assessment systems. There is currently no evidence in the public domain indicating marks were altered.
'I DOCUMENTED THE ISSUES AND REPORTED THEM'
The student said he recorded his findings and reported them to relevant channels, including government cybersecurity mechanisms.
“I gave them details. I documented multiple vulnerabilities,” he said.
According to him, the response was limited to an acknowledgement.
“No reply from CBSE or the vendor only an acknowledgement,” he claimed.
He further alleged that one reported issue was fixed while others remained unresolved. These assertions remain unverified.
The interview comes amid concerns over the scale of CBSE’s digital processes. Lakhs of students use online systems for photocopies of answer sheets, verification and re-evaluation after results are declared.
Adhikahari said recent developments did not surprise him.
“I’m disappointed. I just hope students and their security are taken more seriously,” he said.
His remarks add another layer to an ongoing debate: whether examination systems handling records of millions of students are equipped with sufficient safeguards, and how institutions respond when warnings come before controversies.
(The CBSE has later clarified that claims of a compromise of its On Screen Marking (OSM) portal are misleading. The Board said that the URL cited in social media posts was only a testing site containing sample data for internal review purposes. They further noted that the actual portal used for evaluation of answer books was different and had not been compromised. CBSE added that no security breach has been detected in the live evaluation system and asserted that strong safeguards and grievance redressal mechanisms are in place to ensure the integrity and transparency of the assessment process.)
As questions continue around CBSE’s post-result process and allegations of mismatched answer sheets, a Class 12 student who describes himself as an ethical hacker says he had reported vulnerabilities in the board’s digital evaluation system months earlier.
In an interview with India Today TV, Nisarga Adhikahari, claimed he was able to gain access to examiner-level functions within a portal linked to answer sheet evaluation and had informed authorities in February. The claims have not been independently verified.
His account has surfaced at a time when the board is facing scrutiny over answer sheet access, re-evaluation requests and concerns raised by some students over the authenticity of scanned copies provided during verification.
'THE PORTAL RAISED MY CURIOSITY'
Adhikahari said he had been learning ethical hacking since his early teens and became interested after CBSE announced digital systems for parts of the evaluation process.
According to him, he examined publicly accessible website code and network requests connected to the portal.
“I was also appearing for Class 12 exams this year. When CBSE announced that everything would be digital, I became curious,” he said.
He alleged that within a short period he identified weaknesses in how login credentials were handled.
“The first vulnerability took around 30 minutes. Overall, maybe two or three hours,” he said.
CLAIMS OF EXAMINER ACCESS
Adhikahari alleged that after accessing the system, he was able to enter examiner accounts.
“I was impersonating an actual examiner, and I could do anything an examiner could do,” he said.
When asked whether this included entering marks, he responded: “Yes, I could put grades in there.”
He also claimed examiner contact details and other information linked to accounts were visible. The extent of access described by him has not been independently confirmed.
The allegations are significant because examiner portals, if compromised, could raise questions around data security, privacy and the integrity of digital assessment systems. There is currently no evidence in the public domain indicating marks were altered.
'I DOCUMENTED THE ISSUES AND REPORTED THEM'
The student said he recorded his findings and reported them to relevant channels, including government cybersecurity mechanisms.
“I gave them details. I documented multiple vulnerabilities,” he said.
According to him, the response was limited to an acknowledgement.
“No reply from CBSE or the vendor only an acknowledgement,” he claimed.
He further alleged that one reported issue was fixed while others remained unresolved. These assertions remain unverified.
The interview comes amid concerns over the scale of CBSE’s digital processes. Lakhs of students use online systems for photocopies of answer sheets, verification and re-evaluation after results are declared.
Adhikahari said recent developments did not surprise him.
“I’m disappointed. I just hope students and their security are taken more seriously,” he said.
His remarks add another layer to an ongoing debate: whether examination systems handling records of millions of students are equipped with sufficient safeguards, and how institutions respond when warnings come before controversies.
(The CBSE has later clarified that claims of a compromise of its On Screen Marking (OSM) portal are misleading. The Board said that the URL cited in social media posts was only a testing site containing sample data for internal review purposes. They further noted that the actual portal used for evaluation of answer books was different and had not been compromised. CBSE added that no security breach has been detected in the live evaluation system and asserted that strong safeguards and grievance redressal mechanisms are in place to ensure the integrity and transparency of the assessment process.)
