A student of Plus 2 has discovered a flaw in IRCTC. Due to this flaw, personal information of lakhs of passengers could have been leaked. This was detected by 17-year-old Ranganathan from Chennai studying in Plus 2. It has now been fixed.
A student of Plus 2 has discovered a flaw in IRCTC. Due to this flaw, personal information of lakhs of passengers could have been leaked. This was detected by 17-year-old Ranganathan from Chennai studying in Plus 2. It has now been fixed.
Regarding this, Ranganathan said that the journey details of the passengers could be accessed from the Critical Insecure Object Direct Reference (IODR) vulnerability website. He told the media person that he was login to book tickets on IRCTC.
He has further told that he was able to access the details of other passengers as well. Due to this vulnerability, the name, gender, age, PNR number, train details, departure station and date of journey of the passengers can be accessed.
Ranganathan has told that the back end code was the same. Because of this, hackers could order food in the name of any passenger. Apart from this, he could also change the boarding station. Even hackers could cancel the ticket without the knowledge of the passenger due to this flaw.
He has said that with this the details of lakhs of passengers could have been leaked. IRCTC official said that Ranganathan informed this to CERT. It was fixed again.
