Critical Vulnerabilities Found and Fixed by Cybersecurity Researcher Deepak Kumar on SSC Website

Prime Desk 6 mins ago

6 1 minute read

Deepak Kumar, a renowned cybersecurity researcher, recently uncovered three critical vulnerabilities on the Staff Selection Commission (SSC) website, posing significant risks to user data and system integrity. His responsible disclosure to the Indian Computer Emergency Response Team (CERT-In) led to swift action, and the vulnerabilities have now been resolved (Incident ID: CERTIn-22175824).

Details of the Vulnerabilities

1. Website Defacement
This vulnerability allowed attackers to modify the website’s content and create fake pages. Such attacks could mislead users and lead to phishing attempts, exposing sensitive information.

2. IDOR in “Forgot Password” Feature
A flaw in the “forgot password” functionality leaked answers to security questions of SSC candidates. This breach could have allowed attackers to compromise user accounts.

3. OTP Bypass
Weaknesses in the OTP verification system enabled attackers to bypass email and mobile OTP checks, granting unauthorized access to user accounts.

CERT-In’s Response

Upon reporting these vulnerabilities, CERT-In worked closely with SSC to address the flaws. The issues were fixed promptly, ensuring the safety and integrity of user data. CERT-In acknowledged Deepak’s efforts in strengthening cybersecurity, emphasizing the importance of responsible disclosure in safeguarding public systems.

Deepak Kumar’s Contributions

Deepak Kumar, based in Dumraon, Bihar, has a track record of identifying vulnerabilities in high-profile systems, including those of RBI, IRCTC, the Election Commission of India, LIC, and UPSC. His proactive approach and collaboration with CERT-In have played a crucial role in securing sensitive government platforms.

Public Awareness

This incident highlights the importance of regular security audits and robust defenses against cyberattacks. Users are advised to:

Use strong passwords and change them regularly.

Enable two-factor authentication wherever possible.

Be cautious about sharing sensitive information online.

Nothing Phone 2a Plus Community Edition : Specifications, Design & Everything you Need to Know!

Add Wheatgrass to Your Daily Routine for Health Benefits

Inspiring journey of Wali Rahmani: From ₹100 Donations to a Dream School

Mental Health Crisis at Work: WHO Reports 12 Billion Lost Workdays Annually

From GSDP to GDP Per Capita: India’s Top 10 Richest States

USCIRF Report : Criticizes Religious Discrimination Against Muslims in India

Know the Smart Uses of Credit Cards, or Risk More Losses Than Gains!

Amazon Great Indian Festival 2024: Start and End Dates

Jamia Millia Islamia Opens Admissions for Distance and Online Programs

UN REPORT: 366 UN STAFF AND FAMILY MEMBERS KILLED IN GAZA CONFLICT

Critical Vulnerabilities Found and Fixed by Cybersecurity Researcher Deepak Kumar on SSC Website

Prime Desk

Critical Vulnerabilities Found and Fixed by Cybersecurity Researcher Deepak Kumar on SSC Website

Security Flaw in EPFO System Exposes Pensioners’ Data: Insights from Nilabh Rajpoot of Netrika Consulting

BREAKING: KENNETH FIRE EXPLODES TO NEARLY 800 ACRES

Stock Market Crash: Sensex Falls Over 1,000 Points

ISRAELI AIR FORCE BOMBS LATAKIA PORT IN SYRIA

Subscribe to our mailing list to get the new updates!

Security Flaw in EPFO System Exposes Pensioners’ Data: Insights from Nilabh Rajpoot of Netrika Consulting

Related Articles