Latest update:
His response came after CBSE said that the vulnerabilities identified in the on-screen marking (OSM) portal managed by its service provider have been contained.
CBSE says the security vulnerabilities in its OnMark portal have been contained, and no student data or exam records were compromised. (archive photo)
Nisarga Adhikary, a 19-year-old hacker who claimed to have discovered critical vulnerabilities and data security vulnerabilities in the Central Board of Secondary Education (CBSE)’s on-screen marking (OSM) process for assessing Class 12 results, responded to the board’s latest clarification with a popular song by Punjabi rapper Yo Yo Honey Singh.
His response came after CBSE said the vulnerabilities identified in the OnMark portal managed by its service provider have been contained, following concerns raised publicly about possible security vulnerabilities in the system.
Adhikari posted a clip of Honey Singh’s song “Dope Shope”, saying that the government “admitted” that there was a security breach. He commented on the 16-second video, saying: “How do the kids and I move on after CBS admitted that there was indeed a security breach.”
What did CBSE say?
Amid massive public outcry over the OSM assessment process, CBSE said it is closely monitoring the reported vulnerabilities and has deployed an expert team of cybersecurity professionals over the past few days.
The council said that specialists from various government agencies and Indian Institutes of Technology (IITs) are working to strengthen the security architecture of the platform and move it to a more secure setting.
“The identified vulnerabilities have been contained, and other exploitable vulnerabilities are being ruled out,” CBSE said in its post, adding that it was grateful for the alert from citizens and ethical hackers who highlighted the issues, without mentioning Adhikary.
OSM Security Disadvantages
This came after Adhikary, an ethical hacker, flagged alleged vulnerabilities in the panel’s on-screen marking (OSM) system. The researcher claimed that the flaws could allow unauthorized access to examiners’ accounts and other sensitive functions.
Adhikari said there were several security flaws in the system, which he reported to the authorities three months ago. However, only partial repairs were implemented. The teenage hacker said he found a “master password” encoded in a publicly available JavaScript package that anyone can download.
In his latest post, Adhikary said that CBSE has allegedly left its massive cloud storage database completely unprotected, allowing anyone on the internet to view, list and download the 2026 board exam answer.
Read more
