IRCTC website flaw lets hackers cancel booked tickets
IRCTC security flaw that was reported last month is now fixed.
IRCTC (Indian Railways Catering and Tourism Corporation) is used by millions of users to book train tickets. As internet use increased, so did the number of people using this service. Eventually, it led to the launch of a functional website and a dedicated app to book and manage tickets. Given that there are numerous users, even a minor security flaw is bound to affect all the users.
As per a recent report, security researcher Ronnie T Baby discovered a major security flaw in the IRCTC website. The flaw was relatively easy to exploit for anyone with an idea of what they were doing. It let hackers access lakhs of user accounts and cancel booked tickets.
Notably, the flaw is claimed to have been reported to IRCTC on January 19, and the platform is said to have resolved the issue with proper captcha verification in less than a month.
IRCTC security flaw
The security researcher took to LinkedIn to describe the bug, which was found in the password reset option. As per the details, this flaw was reported initially by FossBytes. The password reset option required users to enter their IRCTC user ID, after which they would get an OTP to change the password. It was protected via a captcha, which ensured that the OTP was secure against a brute-force attack, in which a program enters random numerical OTPs to guess the right one. This is where the flaw came in: it allowed anyone to use a valid OTP to generate unlimited password requests.
Going by the post, the security researcher was also able to brute-force the OTP and log in to the account, which reveals details such as address and booked tickets. It is said to have given him the ability to cancel booked tickets. The only field required for this is the user ID of the IRCTC account.
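The defensive side of the password-reset flow described above, as an added Python example (not code from IRCTC, the researcher's post, or this article): each solved captcha is accepted once, and an OTP is discarded after a fixed number of wrong guesses. The class name, the limits, and the treatment of any non-empty token as a solved captcha are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

MAX_ATTEMPTS = 5        # assumed policy: wrong guesses allowed per issued OTP
OTP_TTL_SECONDS = 300   # assumed policy: OTP lifetime


class ResetOtpStore:
    """In-memory stand-in for the server-side state of a password-reset flow."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}          # user_id -> [otp_digest, expires_at, failures]
        self._used_captcha = set()  # captcha tokens already spent

    def _spend_captcha(self, token):
        # Assumption: a non-empty token stands for a captcha the provider has
        # already validated. It is accepted once; a replay is rejected.
        if not token or token in self._used_captcha:
            return False
        self._used_captcha.add(token)
        return True

    def issue(self, user_id, captcha_token):
        if not self._spend_captcha(captcha_token):
            return None
        otp = f"{secrets.randbelow(10**6):06d}"
        digest = hashlib.sha256(otp.encode()).digest()
        self._pending[user_id] = [digest, self._clock() + OTP_TTL_SECONDS, 0]
        return otp  # in production this is sent out of band, not returned

    def verify(self, user_id, guess, captcha_token):
        if not self._spend_captcha(captcha_token):
            return "captcha_rejected"
        entry = self._pending.get(user_id)
        if entry is None or self._clock() > entry[1]:
            self._pending.pop(user_id, None)
            return "no_valid_otp"
        if hmac.compare_digest(entry[0], hashlib.sha256(guess.encode()).digest()):
            del self._pending[user_id]   # an OTP works once
            return "ok"
        entry[2] += 1
        if entry[2] >= MAX_ATTEMPTS:
            del self._pending[user_id]   # burn the OTP; a new one must be issued
            return "locked"
        return "wrong"
```

The attempt counter is kept per OTP on the server, so the guess limit holds even if the captcha check is bypassed. OTP issuance would also need a per-user rate limit, which this example leaves out.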