IRCTC bug: Student detects HUGE flaw, saves data of millions of users
IRCTC bug: A student in Chennai discovered a dangerous flaw in the IRCTC website while booking train tickets. He saved the data of millions of users from being leaked by hackers.
In what will bring welcome relief to officials, a teenager detected a dangerous flaw on the IRCTC website. The youngster detected the IRCTC bug while using the IRCTC system to book a train ticket. Thankfully, the teenager acted as a good Samaritan and alerted the authorities. The IRCTC flaw was reportedly fixed within five days of him reaching out to highlight the issue.
The IRCTC bug was revealed by a 17-year-old student in Chennai, and his report has helped resolve a security vulnerability in the Indian Railway Catering and Tourism Corporation (IRCTC) online ticketing platform, which is used by millions of Indians. The early detection by the enthusiast reportedly resulted in the flaw being patched before it could be misused by malicious actors, which could have exposed the personal data of most IRCTC users.
The IRCTC bug was spotted by P Renganathan, who is currently studying in standard 12 at Tambaram, as reported by The Hindu. Renganathan was using the IRCTC portal some time ago to book a ticket when he found certain security vulnerabilities that could have led to personal information of this website's users being leaked online.
According to the report, the most critical issue Renganathan found was an Insecure Direct Object Reference (IDOR) vulnerability, which he was able to use to access personal information such as a passenger's name, age, PNR details and departure times, along with the date and time of the journey. Renganathan disclosed the issue to the Computer Emergency Response Team (CERT-In) on August 30, and a ticket was raised within minutes, while the IRCTC resolved the issue within five days, the report said.
“Since the back-end code is the same, a hacker would have been able to order food, change the boarding station and even cancel the ticket without the knowledge of the bona fide passenger,” Renganathan explained to The Hindu. He also added that domestic tourism and international travel, along with bus and hotel booking could be found in a user's profile, which could mean millions of passengers could have lost their data in a breach.
The report states that Renganathan has also received acknowledgement for helping resolve security flaws with products from Nike, Lenovo, LinkedIn and the United Nations.