IRCTC website flaw lets hackers cancel booked tickets

IRCTC security flaw that was reported last month is now fixed.


IRCTC (Indian Railways Catering and Tourism Corporation) is used by millions of users to book train tickets. With the increase in internet use, the number of people using this service increased. Eventually, it led to the launch of a functional website and a dedicated app to book tickets and manage the same. Given that there are numerous users, even a minor security flaw is bound to affect all the users.


As per a recent report, security researcher Ronnie T Baby discovered a major security flaw in the IRCTC website. The flaw was relatively easy to exploit for anyone with an idea of what they are doing. It let hackers access lakhs of user accounts and cancel booked tickets.

Notably, the flaw is claimed to have been reported to IRCTC on January 19, and the platform is said to have resolved the issue with proper captcha verification in less than a month's time.

IRCTC security flaw

The security researcher took to LinkedIn to describe the bug, which was found in the password reset option. As per the details, this flaw was reported initially by FossBytes. The password reset option required users to enter their IRCTC user ID, after which they would get an OTP to change the password. The step was protected by a captcha, which was meant to keep the OTP secure against a brute-force attack. Such an attack uses a program that enters random numerical OTPs to guess the right one. This is where the flaw allowed anyone to use a valid OTP to generate unlimited password requests.

Going by the post, the security researcher was also able to brute-force the OTP and log in to the account, which reveals details such as address and booked tickets. It is said to have given him the ability to cancel booked tickets. The only field required for this is the user ID of the IRCTC account.
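As an added illustration (not code from the article, IRCTC or the researcher), here is a server-side guess limit of the kind that keeps an OTP safe from brute-forcing even when the captcha fails. The 6-digit OTP length, five-attempt budget, five-minute lifetime and all names are assumptions.

```python
import hmac
import secrets
import time

OTP_DIGITS = 6     # assumed length; the article does not state it
MAX_ATTEMPTS = 5   # assumed number of wrong guesses allowed per OTP
OTP_TTL = 300      # assumed OTP lifetime in seconds


class ResetOtpStore:
    """Server-side password-reset OTP state keyed by user ID (hypothetical design)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}  # user_id -> [otp, expires_at, failed_attempts]

    def issue(self, user_id):
        otp = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        self._pending[user_id] = [otp, self._clock() + OTP_TTL, 0]
        return otp  # in production this goes out by SMS/e-mail, never to the client

    def verify(self, user_id, guess):
        entry = self._pending.get(user_id)
        if entry is None:
            return "no_pending_otp"
        otp, expires_at, _failed = entry
        if self._clock() >= expires_at:
            del self._pending[user_id]
            return "expired"
        if hmac.compare_digest(otp.encode(), guess.encode()):
            del self._pending[user_id]  # single use
            return "ok"
        entry[2] += 1
        if entry[2] >= MAX_ATTEMPTS:
            del self._pending[user_id]  # burn the OTP; a new one must be requested
            return "locked"
        return "wrong"


def guesses_evaluated(store, user_id, guesses):
    """Count how many guesses the server compares against the OTP before it stops."""
    count = 0
    for guess in guesses:
        result = store.verify(user_id, guess)
        if result == "no_pending_otp":
            break
        count += 1
        if result in ("ok", "locked", "expired"):
            break
    return count
```

Because requesting a fresh OTP resets the counter, the number of reset requests per user ID needs its own rate limit, which this block does not cover.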
