Major Flaw Allows Attackers To Cancel Tickets On IRCTC Website

by Cyber360 News
November 11, 2019
in Security

The website of the Indian Railways has been a subject of ridicule owing to the various security flaws discovered in it over the years. When it comes to protecting user data, the site has repeatedly fallen short.

The site was previously hacked in 2016, when the details of over 1 crore (10 million) users were leaked. Last year, Kanishk Sanjani, an ethical hacker, ordered food from the IRCTC website for Rs 7. That vulnerability remained unpatched for well over seven months even after the concerned authorities were informed.

Recently, Ronnie T Baby, a cybersecurity enthusiast and student at Karunya University, contacted Fossbytes to shed light on a major vulnerability he found in the revamped IRCTC website. The flaw enabled him to access the details of millions of users and cancel any booked ticket.

The bug was in the website's password-reset option, which automatically sent an OTP to the registered mobile number once a user ID was entered. The site did have a captcha to stop brute-forcing attempts, but a single solved captcha could be reused for an unlimited number of OTP verification requests.

This weakness allowed attackers to brute-force the OTP and log into users' accounts. Once logged in, an attacker could read sensitive user details and cancel tickets.

A brute-force attack systematically tries candidate values until the correct one is accepted; against a password that usually means a large wordlist, but here the search space was far smaller. The OTPs sent to mobile numbers were six-digit numeric codes (e.g. 972856), so every possible code is known in advance.

This means there are only 1,000,000 possible codes (000000 to 999999), so the OTP would be found within at most a million attempts and, on average, after about half that. The limiting factor is not the computing power of a modern PC but how fast the server accepts verification requests, and with no attempt limit and captchas that could be replayed, nothing slowed the attacker down. The site could be broken into with ease using a freely available penetration-testing tool such as Burp Suite, whose Intruder module automates exactly this kind of sequential request replay.
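The vulnerable pattern the article describes, beside a hardened version, as an added example that is not IRCTC's code and was not part of the original report. It assumes an in-memory store and hypothetical class names (VulnerableReset, HardenedReset); the OTP 972856 is pinned only so the run is deterministic and reuses the article's own sample value. The hardened flow consumes the captcha token on every verification attempt, caps wrong guesses, expires the code and compares it in constant time. The two brute-force helpers show that replaying one captcha exhausts the weak flow but is stopped on the first attempt by the hardened one, and that solving a fresh captcha per guess is stopped by the attempt limit.

```python
"""Added example, not IRCTC's code: a minimal OTP password-reset flow in two
versions, the weak pattern described in the article and a hardened one.
Class names, the in-memory stores and the sample OTP are constructed."""
import hmac
import secrets
import time

OTP_DIGITS = 6
OTP_SPACE = 10 ** OTP_DIGITS   # 1,000,000 possible codes, 000000 to 999999
MAX_ATTEMPTS = 5               # hardened flow: wrong guesses allowed per OTP
OTP_TTL_SECONDS = 300          # hardened flow: OTP lifetime


def _new_otp():
    return f"{secrets.randbelow(OTP_SPACE):0{OTP_DIGITS}d}"


class VulnerableReset:
    """Mirrors the flaw: captcha solutions are never consumed, guesses are unlimited."""

    def __init__(self):
        self.otps = {}          # user_id -> otp
        self.captchas = set()   # solved captcha tokens, never removed

    def request_otp(self, user_id, otp=None):
        # `otp` lets the demo pin a known code; real code always randomises.
        self.otps[user_id] = otp or _new_otp()

    def solve_captcha(self):
        token = secrets.token_hex(8)
        self.captchas.add(token)
        return token

    def verify(self, user_id, captcha_token, guess):
        if captcha_token not in self.captchas:   # checked, but never invalidated
            return False
        return self.otps.get(user_id) == guess   # no attempt counter, no expiry


class HardenedReset:
    """Single-use captcha, attempt limit, expiry, constant-time comparison."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.otps = {}          # user_id -> [otp, issued_at, failed_attempts]
        self.captchas = set()

    def request_otp(self, user_id, otp=None):
        self.otps[user_id] = [otp or _new_otp(), self.clock(), 0]

    def solve_captcha(self):
        token = secrets.token_hex(8)
        self.captchas.add(token)
        return token

    def verify(self, user_id, captcha_token, guess):
        # Every attempt consumes the captcha token, so a solution cannot be replayed.
        if captcha_token not in self.captchas:
            return False
        self.captchas.discard(captcha_token)
        record = self.otps.get(user_id)
        if record is None:
            return False
        code, issued_at, failed = record
        if self.clock() - issued_at > OTP_TTL_SECONDS:
            del self.otps[user_id]            # expired: force a fresh request
            return False
        if hmac.compare_digest(code.encode(), guess.encode()):
            del self.otps[user_id]            # single use
            return True
        record[2] = failed + 1
        if record[2] >= MAX_ATTEMPTS:
            del self.otps[user_id]            # locked out: a new OTP must be requested
        return False


def brute_force(flow, user_id, captcha_token, limit=OTP_SPACE):
    """Replays ONE captcha token and enumerates codes in order.
    Returns (recovered_otp_or_None, attempts_made)."""
    for n in range(limit):
        guess = f"{n:0{OTP_DIGITS}d}"
        if flow.verify(user_id, captcha_token, guess):
            return guess, n + 1
    return None, limit


def brute_force_fresh_captchas(flow, user_id, limit=1000):
    """Solves a new captcha for every guess; only the attempt limit can stop this."""
    for n in range(limit):
        guess = f"{n:0{OTP_DIGITS}d}"
        if flow.verify(user_id, flow.solve_captcha(), guess):
            return guess, n + 1
    return None, limit


def demo(target="972856"):
    """Runs the three attacks against a pinned (constructed) OTP."""
    weak = VulnerableReset()
    weak.request_otp("victim", target)
    weak_result = brute_force(weak, "victim", weak.solve_captcha())    # ("972856", 972857)

    hard = HardenedReset()
    hard.request_otp("victim", target)
    replay_result = brute_force(hard, "victim", hard.solve_captcha())  # (None, 1000000)

    hard.request_otp("victim", target)
    fresh_result = brute_force_fresh_captchas(hard, "victim")          # (None, 1000)
    return weak_result, replay_result, fresh_result
```

Calling `demo()` runs all three attacks. The attempt cap is the control that matters against a six-digit code: a captcha that is present but reusable adds nothing, and even a single-use captcha only raises the cost of each guess, so the lockout (or an equivalent per-user rate limit on the verification endpoint) is what actually bounds the attacker.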

The issue was fixed by the authorities a few weeks after they were notified. The question remains: when will this lax attitude of government organizations towards cybersecurity change?

© 2019 Cyber360 News - Powered by WebSensePro