News Entry# 465766
Sep 24 (11:39) School student raises alarm over bug in IRCTC's e-ticketing platform, helps fix it (zeenews.india.com)
P Renganathan, from Chennai, identified a bug in IRCTC's online ticketing platform and helped them fix it. Here's what happened...

New Delhi: A school student from Chennai identified a bug in Indian Railway Catering and Tourism Corporation (IRCTC)'s online ticketing platform. The teenager not only informed the railways of the security error but also helped them fix it.

P Renganathan, 17, realised that the bug could have exposed millions of passengers and their private information. The bug has now been fixed, the IRCTC acknowledged.



According to a report, Renganathan was logging into the IRCTC site to book a ticket when he realised that he could access the details of other passengers. The critical Insecure Direct Object Reference (IDOR) vulnerability on the website allowed him to access the journey details of other passengers, including name, gender, age, PNR number, train details, departure station, and date of journey, as per an IANS report.

“I accidentally discovered a critical IDOR that leaks the transaction details of millions of travelers, when I was trying to book tickets on August 30. It was the most common bug. Immediately, I reported about it to the Indian Computer Emergency Response Team (CERT-In),” P Renganathan from Tambaram told IANS.



A hacker exploiting the flaw could have ordered food in the name of another passenger, changed the boarding station, and even cancelled the ticket without the knowledge of the passenger. Further, there was the risk of compromising details of millions of passengers.

The IT wing of the IRCTC took note of the complaint, and resolved the vulnerability issue in four days. “Our e-ticketing system is well protected (now). The issue was reported on August 30 and it was fixed on September 2,” an official said. On September 11, 2021, Renganathan also received a mail thanking him for reporting the incident.

The teenager has received similar acknowledgments from LinkedIn, the United Nations, Nike, and several others for alerting them to vulnerabilities in their websites. Renganathan wants to pursue a career in Computer Science, while continuing independent research on the security of web applications.

(With agency inputs)