Allegations of Security Vulnerabilities within the CBSE On-Screen Marking Infrastructure
關於 CBSE 螢幕評分基礎設施存在安全漏洞之指控
Introduction
A cybersecurity researcher has alleged that the Central Board of Secondary Education's (CBSE) digital evaluation portal contains critical security flaws, a claim the board has formally contested.
一名網路安全研究人員指稱,中央中等教育委員會 (CBSE) 的數位評分門戶網站存在嚴重安全缺陷,該委員會已正式對此說法提出異議。
Main Body
The controversy centers on assertions made by Nisarga Adhikary, a 19-year-old who identifies as a software engineer. Adhikary posits that the On-Screen Marking (OSM) system, implemented for Class 12 examinations to mitigate manual totaling errors and accelerate evaluation, possesses a hard-coded 'master password' within its frontend JavaScript bundle. He contends that this vulnerability facilitates the circumvention of One-Time Password (OTP) verification, thereby granting unauthorized access to examiner accounts. According to Adhikary, such access would permit the modification of student marks, the alteration of examiner profiles, and the large-scale extraction of sensitive data. Furthermore, he alleges the existence of approximately 40 broken access control vulnerabilities and a deficient password-reset mechanism.
此次爭議的核心在於一名 19 歲且自稱為軟體工程師的 Nisarga Adhikary 所提出的主張。Adhikary 認為,為了減少人工加總錯誤並加速評分而針對 12 年級考試實施的螢幕評分 (OSM) 系統,在其前端 JavaScript 封裝中包含了一個硬編碼的「主密碼」。他主張此漏洞可使使用者繞過一次性密碼 (OTP) 驗證,進而獲取考官帳號的未經授權訪問權限。根據 Adhikary 的說法, such 訪問權限將允許修改學生分數、更改考官個人資料以及大規模提取敏感數據。此外,他指稱系統中存在約 40 個存取控制漏洞,且密碼重設機制存在缺陷。
In response to these claims, the CBSE has maintained a position of denial regarding any compromise of the live evaluation infrastructure. The administration characterized the affected URL as a testing site utilized exclusively for internal review with sample data, asserting that the actual production portal remains secure. This institutional rebuttal is contested by Adhikary, who claims to have accessed production data and hijacked the account of a verified educator during his analysis. These security allegations coincide with broader systemic criticisms; students have previously reported technical irregularities, including illegible scans and the misattribution of answer sheets, the latter of which the CBSE acknowledged as a technical error in one specific instance. Adhikary stated that his investigation was prompted by these public grievances and that he reported his findings to the Indian Computer Emergency Response Team (CERT-In) in February.
針對這些指控,CBSE 堅持否認正式評分基礎設施遭到入侵。管理層將受影響的 URL 定義為僅用於內部審查及存放樣本數據的測試網站,並聲稱實際的生產門戶網站仍然安全。然而,Adhikary 對此機構的反駁提出質疑,他聲稱在分析過程中已訪問了生產數據並盜用了某位認證教育者的帳號。這些安全指控與更廣泛的系統性批評同時發生;學生此前曾報告技術異常,包括掃描件模糊以及答題紙歸屬錯誤,後者在一個特定案例中被 CBSE 承認是技術錯誤。Adhikary 表示,他的調查是由這些公眾抱怨所觸發,並於 2 月將其發現報告給印度電腦緊急應對小組 (CERT-In)。
Conclusion
The situation remains a conflict of assertions between an independent researcher claiming systemic insecurity and the CBSE maintaining the integrity of its production environment.
目前的情況仍是獨立研究人員聲稱系統不安全,與 CBSE 主張其生產環境完整性之間的說法衝突。
Vocabulary Learning
The Architecture of Hedges and Formality in Adversarial Narratives
To ascend from B2 to C2, a student must move beyond merely reporting facts to mastering nuance, epistemic modality, and strategic distancing. In the provided text, the author avoids taking a side in a conflict, employing a sophisticated linguistic shield to maintain objectivity while describing an accusation.
⚡ The 'Verbal Buffer' Phenomenon
C2 English utilizes specific verbs and nouns to create a 'buffer' between the writer and the truth-claim. Notice the strategic deployment of:
- Assertions / Allegations / Claims: Rather than stating "the system is broken," the author states "the controversy centers on assertions." This transforms a factual claim into a subject of discussion.
- Posits / Contends: These are not mere synonyms for 'says.' To posit suggests the proposal of a theory for the sake of argument; to contend implies a firm position held in the face of opposition.
🔍 Semantic Precision: 'Mitigate' vs. 'Reduce'
While a B2 student might use "reduce errors," the C2 writer chooses "mitigate manual totaling errors."
- Mitigation implies making something less severe or painful, often used in technical or legal contexts (e.g., mitigating circumstances). It acknowledges that the risk still exists but has been managed—a crucial distinction in high-level academic and technical writing.
🛠️ Syntactic Complexity: The Nominalized Chain
Observe this sequence: "This institutional rebuttal is contested by Adhikary..."
Instead of a simple clause ("The board denied it, but Adhikary disagreed"), the writer uses Nominalization (turning a verb into a noun). "Rebuttal" replaces "the act of rebutting." This allows the writer to treat an entire action as a single object, which can then be modified by a precise adjective (institutional), creating a dense, formal, and authoritative tone.
C2 Transition Tip: Stop focusing on who did what (Subject Verb Object) and start focusing on what concept is interacting with which other concept (Abstract Noun Passive Verb Agent).