It is said that children can sometimes easily do work that seasoned stalwarts cannot. A similar case has come to light in the country, where a school student has caught a major flaw in the e-ticketing platform of IRCTC, the official website of Indian Railways. Due to this flaw, the data of lakhs of passengers could have been leaked. When a class 12 student residing in Chennai opened the booking site to book tickets, he noticed an Insecure Direct Object Reference (IDOR) flaw in it. The student then alerted Indian Railways to the flaw. After getting the alert, IRCTC fixed it.
‘Problem fixed quickly’
On this matter, a senior official said that the IT department of Indian Railway Catering and Tourism Corporation (IRCTC) took action immediately after receiving the complaint and rectified the flaw. He said that the flaw came to light on 30 August and was corrected on 2 September. After this fix, IRCTC’s e-ticketing system is completely safe and there is no possibility of a leak of passengers’ data.
‘Details could have been leaked’
When P Renganathan, a class 12 student at a private school in Chennai, was booking tickets on August 30, he saw this flaw (IDOR) on the IRCTC website, which leaks the travel details of lakhs of passengers. This is a very common problem.
Complaint via e-mail
Renganathan informed the Indian Computer Emergency Response Team (CERT-In) about this flaw. In an e-mail to CERT-In, which works under the Ministry of Electronics and Information Technology, he wrote that through this flaw one can also cancel someone else’s ticket and get sensitive data.