An expert cyber criminal can modify the
seating arrangement of the entrance exam and also manipulate marks
scored by any student in the Kerala State government’s Commissioner of
Entrance Examinations.
Thursday, August 16, 2012:
Kerala State government’s
Commissioner of Entrance Examinations website has a serious security
vulnerability that can allow hackers to tamper with the database of the
Common Entrance Exam. Students from all over India, look up to the
common entrance tests for admissions to higher education colleges. The
potential security loophole was brought to light by a prominent whitehat
hacker, who contacted Tech 2.com and explained the entire scenario.
|
According to the Tech 2 report,
“a hacker can use modified URLs to introduce an SQL injection that lets
an attacker manipulate a database related to the Centralized Seat
Allotment Process for Professional Degree Courses, 2012
(http://cee.kerala.gov.in/capresult2012/).” In the worst case scenario,
the attacker can “easily manipulate results to make people believe they
have gained admission (or failed to do so).”
Recently, the office of the CEE acknowledged the information and replied that, “they have begun working to rectify the vulnerability.” The website had previously reported a similar security issue with BSNL's corporate network but the state run telecom giant did not pay much heed to the warning.
No comments:
Post a Comment