India’s state government fixes website bugs that exposed residents’ sensitive documents

RockedBuzz
By RockedBuzz 3 Min Read

An Indian state government has resolved safety points affecting its website that exposed sensitive documents and private data of thousands and thousands of residents.

The bugs existed on the Rajasthan government website associated to Jan Aadhaar, a state program to supply a novel identifier to households and people within the state to entry welfare packages. The bugs revealed copies of Aadhaar playing cards, start and marriage certificates, electrical energy payments and earnings tax returns referring to the registrants, in addition to private data equivalent to date of start, gender and father’s identify.

Security researcher Viktor Markopoulos, who works for cybersecurity agency CloudDefense.ai, discovered the bugs within the Jan Aadhaar portal in December and requested RockedBuzz for assist in reporting them to authorities.

The bugs had been fastened final week because of an intervention by the Indian Computer Emergency Response Team, or CERT-In.

One of the bugs allowed anybody to entry documents and private data by figuring out the registrant’s telephone quantity.

The different bug allowed sensitive knowledge to be returned as a result of the server didn’t adequately test the validity of one-time passwords, the researcher defined.

RockedBuzz contacted the Rajasthan government’s Jan Aadhaar authority on December 22 and adopted up every week later, however acquired no response. RockedBuzz later shared particulars of the bug with CERT-In, which on Thursday confirmed that the bugs had been fastened.

“This is to inform you that we have received a response from the concerned authority that the reported vulnerability has been resolved,” the company advised RockedBuzz. The researcher additionally confirmed the repair.

RockedBuzz reached out to the Rajasthan government once more for remark earlier than publication, however we didn’t obtain a response.

The state-run Jan Aadhaar portal, launched in 2019, claims to have greater than 78 million particular person registrants and 20 million households. The portal goals to supply “One Number, One Card, One Identity” to residents of the northern state of Rajasthan to entry state government welfare programmes. This contrasts with the common Aadhaar card, out there for enrollment to eligible folks throughout India and supplied by the central government-backed Unique Identification Authority, or UIDAI.

India’s state government fixes website bug that revealed Aadhaar numbers and fingerprints

Share This Article
Leave a comment