Days after exposing CBSE portal flaws, 19-year-old Nisarg Adhikary lands role at IIT Kanpur
Days after making headlines over his claims of security vulnerabilities in CBSE's digital systems, 19-year-old ethical hacker Nisarga Adhikary has joined IIT Kanpur's cybersecurity innovation hub.
The appointment comes shortly after Adhikary drew national attention with a series of allegations related to CBSE's digital infrastructure.
In posts on X, Adhikary claimed that scanned answer sheets and question papers linked to CBSE were publicly accessible because of an alleged cloud storage configuration issue. He alleged that an AWS storage bucket containing 2026 answer sheets and question papers could be accessed without authentication.
"Anyone on the internet can download any scanned booklet," he wrote in one of the posts.
Adhikary had earlier also claimed to have found vulnerabilities in CBSE's On-Screen Marking (OSM) portal. In a blog post, he said he had discovered the issues in February and reported them to CERT-In before making them public.
According to his claims, some of the vulnerabilities could have allowed unauthorised access to parts of the evaluation system. The allegations quickly gained attention on social media, with several users raising concerns about data security and student privacy.
According to the blog, the alleged vulnerabilities included a “hardcoded master password” visible inside the portal’s JavaScript bundle, client-side OTP validation, missing route protections, password reset flaws and what he described as a “systemic IDOR vulnerability”.
“One of the hardest things was not exploitation,” he wrote, “The hardest part was reading a JavaScript file and editing a couple of values in DevTools.” Adhikary also alleged that OTP verification was effectively meaningless because “the browser grades its own test”.
“A security control that runs on the attacker’s machine isn’t a control at all,” he wrote.
Ready to navigate global policies? Secure your overseas future. Get expert guidance now!
The appointment comes shortly after Adhikary drew national attention with a series of allegations related to CBSE's digital infrastructure.
In posts on X, Adhikary claimed that scanned answer sheets and question papers linked to CBSE were publicly accessible because of an alleged cloud storage configuration issue. He alleged that an AWS storage bucket containing 2026 answer sheets and question papers could be accessed without authentication.
"Anyone on the internet can download any scanned booklet," he wrote in one of the posts.
Adhikary had earlier also claimed to have found vulnerabilities in CBSE's On-Screen Marking (OSM) portal. In a blog post, he said he had discovered the issues in February and reported them to CERT-In before making them public.
According to his claims, some of the vulnerabilities could have allowed unauthorised access to parts of the evaluation system. The allegations quickly gained attention on social media, with several users raising concerns about data security and student privacy.
According to the blog, the alleged vulnerabilities included a “hardcoded master password” visible inside the portal’s JavaScript bundle, client-side OTP validation, missing route protections, password reset flaws and what he described as a “systemic IDOR vulnerability”.
“One of the hardest things was not exploitation,” he wrote, “The hardest part was reading a JavaScript file and editing a couple of values in DevTools.” Adhikary also alleged that OTP verification was effectively meaningless because “the browser grades its own test”.
“A security control that runs on the attacker’s machine isn’t a control at all,” he wrote.
Ready to navigate global policies? Secure your overseas future. Get expert guidance now!
Comments
Be the first to share a thought and become theFirst Voiceof this News Article
end of article
Trending Stories
- UP Board Class 10th, 12th result 2026 expected soon says DigiLocker: Check expected date and steps to download scorecards
- Karnataka SSLC Class 10th result 2026 expected to be released in early May, DigiLocker notice says "soon:" Check complete details here
- NEHU Result 2026 declared: How to check your scorecard; complete details here
- IPMAT admit card 2026 released for IIM Indore and Rohtak: Check steps to download hall tickets here
- Assam HS Class 12th result 2026 likely to be released soon, says DigiLocker notice: Here are steps to download scorecards
- “Do not go with a lot of targets in your mind,” says Rohit Gupta, CAO at PhysicsWallah: Mindset shift NEET aspirants need before exam day
- JKBOPEE CET admit card 2026 released at jkbopee.gov.in: Direct link to download hall tickets here
Featured in education
- 55% of young professionals prioritise quality of life over metro salaries: Is India's talent migration gaining pace?
- UPSC Prelims Result expected anytime now at upsc.gov.in, check direct link and latest updates
- CBSE Class 10 Second Board Result 2026 Live Updates: Over 6.7 lakh improvement and compartment candidates await Phase 2 scorecards
- DHSE Kerala Plus One Result 2026 Live Updates: Kerala Class 11 result to be out shortly as over four lakh students await scorecard release; check steps to download marksheet
- Kerala DHSE postpones Plus One results to July 15 after Gulf exam rescheduling delays
- HP TET 2026 admit cards released at hpbose.org; over 24,000 candidates to appear on June 13 and 14
Photostories
- 5 new sneakers releasing this June that are worth the hype
- Exclusive - Rubina Dilaik recalls hiding her pregnancy during a Punjabi film shoot, talks about mom guilt and motherhood; says, 'My nose would start bleeding on set due to the extreme heat'
- 10 unique sea snakes and places they can be found on beach by travellers
- Which quality makes others jealous of you? find out based on your birth date
- You don't need a Gout attack to have high Uric Acid: The subtle symptoms doctors don't want you to ignore
- From Vinod Kambli to Virat Kohli; famous cricketers who own luxurious properties in Mumbai’s premium neighbourhoods
- All about ‘How to Train Your Dragon 2’ live-action cast: From Cate Blanchett to Mason Thames
- Sleeping enough but still tired? These vitamin deficiencies could explain why
- 10 simple tips to fix Bluetooth problems in your Windows 11 laptops and PCs
- Forget the royals, Mahira Khan’s shimmering desi moment at King Charles’ charity dinner made her look like the main event and not a guest
Up Next
Follow Us On Social Media