Breaking News
Maharashtra: Nearly 50 leopards in Junnar to be sterilised
Dating app scam: Accused sent to judicial custody
Mumbai: Gokhale bridge second girder finally launched, lowering to begin soon
Mumbai: Eid procession shifted to ensure peaceful Ganesh festivities
Ganeshotsav 2024: 10 lakh travelled to Konkan for Ganesh Chaturthi
shot-button
Ganesh Chaturthi Ganesh Chaturthi
Home > Technology News > Chennai school student helps IRCTC fix bug on its online platform

Chennai school student helps IRCTC fix bug on its online platform

Updated on: 22 September,2021 09:51 AM IST  |  Chennai
IANS |

Top

He told media persons that while he was logging into the IRCTC site for booking a ticket, he found that he could access the details of other passengers that could compromise the security features of the website

Chennai school student helps IRCTC fix bug on its online platform

Photo for representational purpose. Picture Courtesy/iStock

A 17-year-old plus two student in a private school in Chennai's Tambaram has helped the Indian Railway Catering and Tourism Corporation (IRCTC) fix a bug in its online ticketing platform, which could have exposed millions of passengers and their private information.


Ranganathan said that the critical Insecure Object Direct References (IODR) vulnerability on the website helped him to access the journey details of other passengers.


He told media persons that while he was logging into the IRCTC site for booking a ticket, he found that he could access the details of other passengers that could compromise the security features of the website.


The vulnerability helped him to access details of other passengers including name, gender, age, PNR number, train details, departure station, and date of journey.

Ranganathan said that as the back end code was the same, a hacker could have ordered food in the name of another passenger, changed the boarding station, and even cancelled the ticket without the knowledge of the passenger.

He said that more than this, there was the risk of the database of millions of passengers being compromised or leaked.

IRCTC officials said that Ranganathan had reported the matter to the Computer Emergency Response Team (CERT) on August 30, and the IRCTC was alerted. The problem was fixed in five days.

The teenager had earlier got acknowledgments from Linkedin, the United Nations, Nike, and several others for alerting them of the vulnerabilities in their websites.

This story has been sourced from a third party syndicated feed, agencies. Mid-day accepts no responsibility or liability for its dependability, trustworthiness, reliabilitsy and data of the text. Mid-day management/mid-day.com reserves the sole right to alter, delete or remove (without notice) the content in its absolute discretion for any reason whatsoever

"Exciting news! Mid-day is now on WhatsApp Channels Subscribe today by clicking the link and stay updated with the latest news!" Click here!

chennai indian railways tech news tamil nadu

Register for FREE
to continue reading !

This is not a paywall.
However, your registration helps us understand your preferences better and enables us to provide insightful and credible journalism for all our readers.

Mid-Day Web Stories

Mid-Day Web Stories

This website uses cookie or similar technologies, to enhance your browsing experience and provide personalised recommendations. By continuing to use our website, you agree to our Privacy Policy and Cookie Policy. OK