A 17-year-old student studying in a Chennai school saved the personal information of lakhs of railway passengers from leaking by helping them identify a bug in IRCTC’s system. The country’s Computer Emergency Response (CERT India) team informed IRCTC as soon as the alert was sent by this student named P Ranganathan. Due to this, the world’s largest online ticketing portal was saved from being hacked in time.
Important information could have fallen in the hands of hackers
According to ‘The Hindu’, P. Ranganathan, a class 12 student at a private school in Tambaram in Chennai, was logging into IRCTC a few days ago to book tickets. While booking tickets, he came across some such lapses, which could endanger the security of the online portal. Due to the weakness of Object Direct Reference (ODR) in the website, hackers could get information like name of passengers, gender, age, PNR number, train details, date of journey and name of the starting station.
I’m very happy to say I’ve been featured on @the_hindu @THChennai Thanks to Mr. jayvijaythehindu for the story <3https://t.co/wEHGVU2jwY
❤️@th3cyb3rc0p @HemantSolo @theXSSrat @ADITYASHENDE17 @Pethuraj @HackerGautam @cyph3r_asr @e11i0t_4lders0n
See today’s Hindu paper ???? pic.twitter.com/twxqgcL2lc
– Renganathan (@IamRenganathan) September 21, 2021
The student said, how could the system be in danger?
Ranganathan said that since the bank end code was the same, the hacker could do things like order food, change boarding station to cancel the ticket and the passengers were not aware of this. Apart from this, work like domestic, international tourism, bus ticketing and hotel booking could be done on the user profiles of other passengers. The most serious threat is the huge database of millions of travelers. Hackers could have leaked it.
Telegram New Feature: Now record live stream and video chat in Telegram, know what are the other features in the latest update
Ranganathan has also caught a bug in the systems of LinkedIN, United Nations, Nike
According to Ranganathan, on August 30, 2021, the information about this flaw was given to CERT India. After a few minutes of this, IRCTC got this information and this problem was resolved. Ranganathan said that he had alerted LinkedIN, United Nations, Nike and Lenovo about the flaws in his system. These companies had acknowledged him. Ranganathan wants to make a career in Computer Science. Currently, he is doing research independently on the security of web applications.
Get Business News ,, latest India News ,, and other breaking news on share market, investment scheme and much more on Business Khabar. Like us on Facebook, Follow us on Twitter for latest financial news and share market updates.
.