Central Board of Secondary Education (CBSE) on Tuesday clarified that the portal allegedly compromised by a student hacker was only an entrance testing platform and not the actual On-Screen Marking (OSM) system used to check the answer sheets of Class 12 board exams. The clarification came after 19-year-old student and ethical hacker Nisarga Adhikari claimed on social media platform X and in a detailed blog post that he had bypassed parts of the CBSE OSM portal’s login and access control system. These claims raised questions about the security of the board’s newly introduced digital assessment system. CBSE has introduced on-screen marking system for checking the answer sheet of class 12th this year.
CBSE says the original assessment portal is not affected.
In a statement posted on X, CBSE said that the URL identified in the social media posts, “cbse.onmark.co.in” was not the portal used for the actual assessment work. “At the outset, it is clarified that the portal used for checking answer books has a different URL, which has neither been compromised nor has the vulnerabilities mentioned in the above social media post,” CBSE said. The board said the flagged website was a “testing site with sample data for internal testing and review purposes only.” “There is no actual assessment data, traces or other data on this portal. The Board emphasizes that no security breach has been detected on the portal deployed for actual assessment work,” the statement added. CBSE added that the on-screen marking system has been introduced “to increase transparency in evaluations with robust grievance redressal mechanisms in place”.
The student contested CBSE’s claim.
After clarification, Adhikari disputed the board’s claim that the accessed platform contained only testing data. “If it was test data – how was I able to log in completely with prod user data? I have a screen recording of it and proof of CERT-In acknowledging it,” he said in a post on X. The student also claimed that several domains under the OnMark system, including cbse1.onmark.co.in, cbse2.onmark.co.in, cbse3.onmark.co.in and cbse4.onmark.co.in, reflect similar vulnerabilities. He said the problems were privately reported to the Indian Computer Emergency Response Team (CERT-In) months ago. Posts from cybersecurity professionals, students and educators expressing concern over the security framework of the exam evaluation system have been circulating widely online.
The OSM portal is already under scrutiny on answer sheet complaints.
The clarification comes at a time when CBSE’s on-screen marking system is already facing scrutiny over complaints related to scanned answer sheets and re-examination requests. According to CBSE data, the board has received 4,04,319 requests from students seeking scanned copies of the examined answer scripts. Class 12 students had requested more than 11.31 lakh answer books, of which 8,98,214 copies have already been shared. The remaining applications are expected to be completed by May 27, CBSE said. The issue drew attention when a Class 12 student, Vedant, took to social media to allege that the handwriting in the scanned physics answer sheet uploaded under his roll no. did not match his own handwriting. Later several students raised similar concerns and questioned the discrepancies in the uploaded answer scripts and aggregate scores. CBSE later admitted to the mismatch in some answer sheets and said that correct copies would be sent to students through their registered email addresses. Amid concerns over technical glitches in the revaluation portal, Union Education Minister Dharmendra Pradhan had earlier announced that technical experts from Indian Institute of Technology Madras (IIT Madras) and Indian Institute of Technology Kanpur (IIT Kanpur) would assist CBSE in strengthening the infrastructure of the portal.
