This 19-year-old says he could change CBSE marks from home
27 May 2026
Nisarga Adhikary, a 19-year-old ethical hacker, has flagged major security flaws in the Central Board of Secondary Education's (CBSE) newly launched On-Screen Marking (OSM) system.
The platform was designed to allow examiners to evaluate scanned copies of answer sheets on computers instead of paper.
However, Adhikary found that anyone with basic technical skills could bypass OTP authentication and impersonate examiners, reset passwords, and even alter students' marks.
Access control completely broken, says Adhikary
Security breach
Adhikary, a Class 12 student from West Bengal, said it took him less than an hour to find all the vulnerabilities in the system.
"Anyone can impersonate any examiner to their choice. The access control is totally broken," he said.
He added that he could change the marks as there was no OTP security and anyone could change the password.
CBSE denies OSM portal hacked
Official clarification
In response to Adhikary's claims, CBSE denied that its OSM portal had been hacked.
The board clarified that the URL claimed by Adhikary to have flaws was "the testing site only with sample data for internal testing and review purposes."
It emphasized that no security breaches had come to light on the portal deployed for actual evaluation work.
Adhikary stands by claims
Counterclaims
Responding to CBSE's clarification, Adhikary claimed that the URL in CBSE's post was "not even a real domain," and that it was directing users to his blog.
After discovering the vulnerabilities, he sent emails to several authorities including CERT-In and other government-linked cybersecurity contacts but did not receive satisfactory responses.
He flagged six high-severity vulnerabilities still present on the site, including one on the master password.
Who is Nisarga Adhikary?
Cybersecurity experience
Adhikary is a hobbyist cybersecurity researcher who has previously worked on bug bounty and vulnerability-hunting projects.
He studied in Delhi for a few years, where he built cybersecurity tools as well.
He has been involved in ethical hacking and security testing for several years now.
"I used to do ethical hacking for a while and thought it would be good if I could play around and find bugs in it," he told ThePrint.
-
Dahi Ki Sabzi: Have you tried Ayushmann Khurrana’s favorite curd vegetable, the recipe is also very easy; take note
-
Ways to strengthen mother-in-law and daughter-in-law’s relationship
-
Ramdas Athawale’s sharp attack on the opposition, gave a funny answer to the question of leadership in India alliance
-
Cheap and effective way to drive away pigeons from the balcony, follow this trick and the birds will fly away as soon as they arrive.
-
WhatsApp Update- If you get scam calls on WhatsApp, then turn on this setting immediately.
