It is sometimes said that children can easily do the work that big dares cannot do. A case where a school student finds a major flaw in IRCTC’s e-ticketing platform, the official website of Indian Railways, has come to the fore in the country. Due to this error, data of millions of passengers can be leaked. In fact, when a booking site was opened by a 12th standard student living in Chennai to book a ticket, an unsecured direct object reference (IDOR) appeared. This student then alerted the Indian Railways about this shortcoming. After receiving the alert, the IRCTC removed the flaw.
‘Quick fix problem’
A senior official said that the IT department of the Indian Railway Catering and Tourism Corporation (IRCTC) had taken up the complaint and took immediate action to rectify the shortcoming. He said he was aware of this on August 30, which was fixed on September 2. After this, IRCTC’s e-ticket system is completely secure and there is no possibility of passenger data leaks.
‘Details may have leaked’
P Renganatham, a student of class 12 in a private school in Chennai, was booking a ticket on August 30, and we saw this flaw (IDOR) on the IRCTC website which leaked lakhs of travel details. Travelers. This is a very common problem.
Complaint by e-mail
Renganathan informed the Indian Computer Emergency Response Team (CERT-In) of this error. He wrote in an e-mail to CIRT-IN, which works under the Ministry of Electronics and Information Technology, that can cancel someone else’s ticket and obtain sensitive data.
Aadhaar Card Download: Downloading Aadhaar card is very easy, this work only needs to be done
Pan-Aadhaar Link: The deadline for linking PAN card with Aadhaar has been extended once again, know what the new deadline is