The IT wing of the IRCTC, which took note of the complaint, immediately resolved the reported vulnerability, a senior official said on Tuesday.
“Our e-ticketing system is well protected (now). The issue was reported on August 30 and it was fixed on September 2,” he added.
An insecure direct object reference (IDOR), a type of access control vulnerability, arises when an application uses user-supplied input to access objects directly. “I accidentally discovered a critical IDOR that leaks the transaction details of millions of travelers, when I was trying to book tickets on August 30. It was the most common bug. Immediately, I reported it to the Indian Computer Emergency Response Team (CERT-In),” P Renganathan, a plus-two student of a private school in Tambaram here, said.
As a mitigation, Renganathan, who identifies himself as an ethical hacker and cyber security researcher, said that the booked user and ticket should be validated so that no one except the user who made the booking can access it.
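The ownership check described above, shown beside the unchecked lookup it replaces. This is an added Python example, not IRCTC's code or part of the original report; the in-memory booking store, the field names, the function names and the sample records are all assumptions constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Booking:
    txn_id: str     # identifier the client sends back in later requests
    owner: str      # account that made the booking
    passenger: str
    route: str


# Constructed sample data; not real records.
BOOKINGS = {
    b.txn_id: b
    for b in (
        Booking("1000001", "asha", "Asha R", "MAS-SBC"),
        Booking("1000002", "vikram", "Vikram S", "MAS-MDU"),
    )
}


class NotFound(Exception):
    """Raised for unknown IDs and for IDs owned by another account."""


def get_booking_unchecked(session_user: str, txn_id: str) -> Booking:
    # IDOR pattern: the caller is logged in, but the object is fetched
    # purely from the user-supplied ID; session_user is never consulted.
    booking = BOOKINGS.get(txn_id)
    if booking is None:
        raise NotFound(txn_id)
    return booking


def get_booking_checked(session_user: str, txn_id: str, denied_log: list) -> Booking:
    # Mitigation: validate the booked user against the server-side session.
    booking = BOOKINGS.get(txn_id)
    if booking is None or booking.owner != session_user:
        if booking is not None:
            # Record cross-account requests so monitoring can spot ID guessing.
            denied_log.append((session_user, txn_id))
        # Same error for "missing" and "not yours", so a response never
        # confirms that another user's transaction ID exists.
        raise NotFound(txn_id)
    return booking
```

The session identity must come from server-side state such as the authenticated session, never from a parameter the client can edit alongside the ID.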
On September 11, 2021, he received a mail thanking him for reporting the incident to CERT-In and also a confirmation that the “reported vulnerability has been resolved” by the authorities concerned.
Renganathan, currently studying in the commerce group, has been acknowledged by LinkedIn, United Nations, BYJU’s, Nike, Lenovo and Upstox for reporting security vulnerabilities in their web applications.
Schools across Tamil Nadu re-opened only for classes ninth to twelfth on September 1. “I have opted for online classes owing to the pandemic,” he said.