12th class student’s miracle- found fault on IRCTC portal, lakhs of users could have been harmed


A 17-year-old student studying in Class 12 detected a glitch on the Indian Railway Catering and Tourism Corporation Limited’s (IRCTC) e-ticketing website. This error was such that the sensitive information of the user could be tampered with. Also, the ticket of another can be canceled comfortably without his knowledge. Due to the understanding and promptness of the student, the data of millions of users was saved from being leaked.

Let us tell you that the problem of ‘Bug’ complained by a student of class 12th from Chennai has been fixed. There was presence of Insecure Direct Object Reference (IDO) on the website. As a result, sensitive information on the website can be tampered with.


A senior official said on Tuesday that the IRCTC’s technology team took cognizance of the student’s complaint and resolved the problem immediately. “Our e-ticketing system is now completely secure. This problem was reported on August 30 and it was rectified on September 2.

P Renganatham, a class 12 student studying in a private school in Tambaram, Chennai, said that when he was trying to book tickets on August 30, he saw this problem (IDOR) on the website, which leaked the transfer details of lakhs of passengers. Is. This is a very common problem. He immediately informed the Indian Computer Emergency Response Team (CERT-In) about this.

He said in an email complaint to CERT-In, which works under the Ministry of Electronics and Information Technology, that through this one can also cancel someone else’s ticket and collect sensitive information.


Show More

Related Articles

Leave a Reply

Back to top button