Teenager flags bug in IRCTC’s system

Teenager flags bug in IRCTC’s system

The Hindu

The critical Insecure Object Direct References (IDOR) vulnerability on the website enabled him to access the journey details of other passengers

A city school student has helped the Indian Railway Catering and Tourism Corporation (IRCTC) fix a bug on its online ticketing platform that could have exposed private information of millions of passengers.

Acting on his alert, the Computer Emergency Response Team, India, conveyed the vulnerability to the IRCTC that fixed the glitch, preventing a possible hacking of the largest online ticketing portal in the country.

According to P. Renganathan (17), a Standard 12th student of a private school at Tambaram in Chennai, he was booking a train ticket by logging into the IRCTC portal a few days ago when he found certain vulnerabilities that could compromise the security features. The critical Insecure Object Direct References (IDOR) vulnerability on the website enabled him to access the journey details of other passengers such as name, gender, age, PNR number, train details, departure station and date of journey.

Read full story on The Hindu
Share this story on:-
More Related News
Bombay High Court grants bail to person arrested in the Shivaji statue collapse case

Bombay High Court grants bail to Chetan Patil in Shivaji statue collapse case; sculptor Jaydeep Apte's plea pending.

A rinderpest outbreak devastated the gaur population of Mudumalai in 1968

Deadly rinderpest outbreak devastates Mudumalai Wildlife Sanctuary, highlighting the threat of diseases from domestic cattle to wild populations.

An Adheenam that is unique, but not as influential as other Mutts

Suryanarkoil Mutt's history, traditions, and leadership succession explained in detail with references and comparisons to other Saivaite Mutts.

Upalokayukta sets 20-day deadline to rejuvenate Kelageri Tank in Dharwad

Upalokayukta takes action against officials for neglecting century-old Kelageri Tank in Dharwad, setting 20-day deadline for rejuvenation.

Centre launches Marine Fisheries census, to be completed in 45 days

On World Fisheries Day, India launches projects for marine and inland aquaculture, aiming to transform the fisheries sector and blue economy.

Lokayukta police raid unearth assets worth ₹26.6 crore

Lokayukta police raid uncovers ₹26.6 crore in assets from government officials in Karnataka, leading to investigations and cases filed.

Litigants affected as advocates stayed away from court proceedings in Vellore, nearby districts

Court boycott by advocates in Tamil Nadu demands Advocates Protection Bill for safety, affecting litigants from remote villages.

Army picks up locals daily, five beaten up in custody: Kishtwar village sarpanch

Army faces allegations of harassment and torture in Kishtwar, Jammu; probe ordered, sparking concerns over human rights violations.

Karnataka’s software exports cross ₹4.11 lakh cr. during fiscal 2023-24

Karnataka’s software and services exports crossed ₹4.11 lakh crore during fiscal 2023-24 (March 2024) from ₹3.2 lakh crore a year ago, marking a 27% year-on-year growth, Minister for IT&BT, Priyank Kharge, said here on Thursday quoting Software Technology Parks of India (STPI) data.

Continuous rainfall triggers waterlogging in many areas of Thoothukudi

Continuous rainfall in Thoothukudi has caused severe hardship for residents as rainwater has inundated several areas. Efforts to drain stagnant water in the city have been intensified

A ‘bribery scheme’ to bag lucrative solar power contracts

Indictment details Adani bribery scheme to secure solar power contracts, involving Adani Green Energy and Azure Power executives.