Exposing Critical Vulnerabilities in CBSE’s On-Screen Marking Portal: From Authentication Bypass to Full Account Takeover
Summary
A detailed security blog post exposing critical vulnerabilities in CBSE's On-Screen Marking portal, including authentication bypass and account takeover risks. The writer documents findings from reverse-engineering the frontend bundle, explains the insecure client-side OTP and the missing route guards, and discusses both responsible disclosure to CERT-In and media coverage.