‘Exploitable weaknesses are being ruled out’: CBSE finally accepts vulnerabilities in the OnMark portal, forms expert team of cybersecurity professionals

The Central Board of Secondary Education (CBSE) has finally acknowledged that vulnerabilities were present in the OnMark portal used by its service provider and said that a team of cybersecurity experts has been working to strengthen the system. The development comes just days after the board had denied any security issues on 28th May.

In a statement issued on Sunday, 31st May, CBSE said it has been keeping a close watch on the security concerns that were being discussed publicly regarding the OnMark portal. According to the board, cybersecurity professionals from different government agencies and the IITs have been deployed over the past few days to secure the system and move it to a safer setup.

CBSE said the weaknesses that had been identified have now been contained. The board added that experts are continuing to examine the platform to ensure that no other security gaps remain that could be misused.

The board also thanked citizens and ethical hackers who drew attention to the security concerns. CBSE said it has already contacted some of them directly and requested others with relevant information to reach out to its security team through the email address [email protected].

The statement was issued amid growing concerns over the security of the portal used by the board’s service provider. Questions were raised online after several users pointed to possible flaws in the system and shared their findings on social media.

What is the matter?

The controversy began when Nisarg Adhikari, a Class 12 student, claimed that he had accessed CBSE systems and uncovered security flaws in the OMS portal. He stated that an Amazon Web Services (AWS) cloud storage bucket linked to the system had not been properly secured.

Around the same time, several students started posting screenshots and photographs of their scanned answer sheets on X. Some students reported that their answer sheets were incomplete, while others claimed that supplementary sheets or awarded marks were missing from the records available to them.

Following the growing concerns and public discussion, CBSE took cognisance of the matter and launched an investigation. The board has now confirmed that security vulnerabilities were identified and says efforts are underway to fully secure the system and eliminate any remaining weaknesses.