NEW DELHI: Just days after the controversy surrounding the Central Board of Secondary Education’s (CBSE) digital evaluation system, another examination-related platform has come under scrutiny. This time, the spotlight is on the National Testing Agency’s (NTA) re-examination portal, after cybersecurity researchers alleged serious security vulnerabilities that could potentially expose administrative data and user information.The claims, made on social media by independent researchers, have triggered fresh questions about the security preparedness of digital platforms handling high-stakes examinations in India. While the allegations remain unverified independently, they have already generated concern among students, educators and cybersecurity observers because of the sensitive nature of the information reportedly involved.Researchers claim access to administrative functionsDubai-based cybersecurity researcher Rylen Anil alleged on X that NTA’s re-examination portal contained a “superadmin login bypass” enabled by weak credentials.According to the posts, the vulnerability allegedly exposed information related to thousands of observers, centre coordinators and examination centres, including names, email addresses and phone numbers.The researcher further claimed that the issue was not limited to data exposure alone. According to the allegations, access to the portal’s administrative dashboard could potentially allow functions such as exporting data, generating appointment letters, managing observers, uploading templates and handling administrative mappings.
NTA re-examination portal faces security scrutiny after researchers allege vulnerabilities
Screenshots shared online appeared to show portions of the portal interface. However, TOI Education has not independently verified the authenticity of the claims, the screenshots, or the extent of any alleged exposure.At the time the allegations gained attention online, users reported that the portal link subsequently displayed a “404 Not Found” message.Fresh questions after CBSE’s OSM controversyThe development comes against the backdrop of the ongoing controversy involving CBSE’s On-Screen Marking (OSM) system.Over the past few weeks, CBSE has faced scrutiny over complaints relating to scanned answer sheets, evaluation discrepancies and alleged cybersecurity weaknesses flagged by independent researchers. The Board later acknowledged certain vulnerabilities and stated that cybersecurity professionals, government agencies and experts from IIT Kanpur and IIT Madras had been engaged to strengthen the system.The latest allegations involving NTA have therefore attracted attention because they emerge at a time when examination-related digital infrastructure is already under public scrutiny.Separately, the same researcher also raised concerns regarding security architecture associated with a CBSE DigiLocker-linked portal, alleging that certain encryption mechanisms relied on publicly accessible code. Those claims, too, remain independently unverified.NTA yet to respondTOI Education has reached out to the National Testing Agency seeking clarification on the allegations. Queries were sent regarding whether the vulnerabilities have been examined, whether any candidate or administrative data was exposed, and whether any security review or corrective measures have been initiated.At the time of publication, a response from NTA was awaited.If the allegations are ultimately found to be accurate, they are likely to renew debate about cybersecurity standards across examination platforms that handle large volumes of student and administrative data. As more examination processes move online, questions around digital security are increasingly becoming as important as questions around examination conduct itself.For now, however, the claims remain allegations made by independent researchers, and official verification is still awaited.