Overview
- Student researchers publicly flagged evaluation discrepancies and technical flaws in CBSE’s On‑Screen Marking (OSM) portal, triggering an external audit by IIT teams.
- The IIT panel concluded the OSM portal was not thoroughly tested and corroborated specific vulnerabilities such as OTP bypasses and a hardcoded master password that could grant examiner account access.
- After confirming weaknesses the auditors helped build an interim examiner-facing portal from the discontinued system’s base code to support ongoing verification and re-evaluation of answer sheets.
- Investigators say they found no evidence that student records were leaked outside the system and that data briefly downloaded by an ethical hacker was deleted, while CBSE moved answer-sheet records off the vendor’s infrastructure for closer control.
- The panel will recommend advanced security steps including regular vulnerability assessments, penetration testing, and Red Team–Blue Team exercises, and the findings raise questions about vendor oversight and CBSE’s technical capacity to run large-scale digital exam systems.