Analysis of Security Failures in CBSE's Digital Marking System
Introduction
The Central Board of Secondary Education (CBSE) has moved its Class 12 answer script re-evaluation to its own internal portal. This decision follows the discovery of serious security weaknesses in the OnMark platform, which was provided by the company Coempt Edu Teck.
Main Body
The process of buying the On-Screen Marking (OSM) system was marked by a steady decrease in technical requirements. After two failed attempts to find a provider, the August 2025 tender lowered the minimum scanning quality and removed the requirement for robotic scanners. Furthermore, the board ignored recommendations to run small regional tests and instead launched the system nationwide only 74 days after awarding the contract.
Investigations revealed that the security certificates provided by Coempt Edu Teck were incorrect. One certificate belonged to a different university and had already expired. Another certificate was for a temporary version of the software and explicitly stated that the main servers were not yet secure. Consequently, neither document proved that the system was safe for CBSE's specific needs.
Later, independent researchers found severe technical flaws. In February 2026, one researcher discovered a master password that allowed users to bypass security checks. In May 2026, another researcher found a 'SQL injection' flaw, which allowed unauthorized access to student marks and evaluator bank details. The researcher emphasized that the company reused passwords across different clients, showing a major failure in how they managed security.
Conclusion
CBSE has stopped using external hosting for its evaluation process and has switched to an internally managed system. Meanwhile, government investigations into how the contract was awarded are still ongoing.
Vocabulary Learning
🚀 Leveling Up: From Simple Lists to "Cause & Effect"
An A2 student says: "The security was bad. The board ignored tests. The system failed."
A B2 speaker connects these ideas to show how one thing leads to another.
Look at this specific transition from the text:
"Consequently, neither document proved that the system was safe..."
🛠 The Power Word: Consequently
Instead of using "so" (which is very A2), use Consequently. It tells the reader: "Because of the facts I just mentioned, this specific result happened."
The Logic Bridge:
Incorrect Certificates + Expired Documents → System not proven safe
💡 Expanding Your Toolkit
To move toward B2, replace your basic connectors with these "Professional Bridges":
| Avoid (A2) | Use Instead (B2) | Example from Context |
|---|---|---|
| And | Furthermore | "Furthermore, the board ignored recommendations..." |
| But | Meanwhile | "Meanwhile, government investigations... are still ongoing." |
| So | Consequently | "Consequently, neither document proved..." |
🎓 Pro Tip: The "Passive Shift"
B2 English often focuses on the action rather than the person.
- A2 Style: "The board awarded the contract." (Active/Simple)
- B2 Style: "...74 days after awarding the contract." or "...how the contract was awarded." (Focuses on the process)
Try this: Next time you describe a problem, don't just list what happened. Use Furthermore to add a detail and Consequently to explain the result.