CBSE denies security breach in OSM evaluation system after student hacker’s claims

The Central Board of Secondary Education (CBSE) on Tuesday clarified that the portal allegedly compromised by a student hacker was only an internal testing platform and not the actual On Screen Marking (OSM) system used for evaluating Class 12 board examination answer sheets.

The clarification came after 19-year-old student and ethical hacker Nisarga Adhikary claimed on social media platform X and in a detailed blog post that he had bypassed parts of the CBSE OSM portal’s login and access-control systems. The claims triggered questions around the security of the board’s newly introduced digital evaluation system.


CBSE introduced the On Screen Marking system this year for the evaluation of Class 12 answer sheets.

CBSE says actual evaluation portal was not affected

In a statement posted on X, CBSE said the URL identified in the social media posts, “cbse.onmark.co.in”, was not the portal used for actual evaluation work.

“At the outset, it is clarified that the Portal used for evaluation of answer-books bore a different URL, which has neither been compromised nor does it have the vulnerabilities indicated in the said social media post,” CBSE said.

The board stated that the flagged website was “the testing site only with sample data for internal testing and review purposes”.

“There are no actual evaluation data, marks or other data held on that portal. The Board emphasises that no security breaches have come to light on the Portal deployed for the actual evaluation work,” the statement added.

CBSE further said the On Screen Marking system had been introduced “for enhanced transparency in assessments with strong grievance redressal mechanisms built into it”.

Student contests CBSE’s claim

Following the clarification, Adhikary disputed the board’s assertion that the accessed platform only contained testing data.

“If this was test data - how I was able to log in with prod user data completely? I have a screen recording of it and proof of CERT-In acknowledging it,” he said in a post on X.

The student also claimed that multiple domains under the OnMark system, including cbse1.onmark.co.in, cbse2.onmark.co.in, cbse3.onmark.co.in and cbse4.onmark.co.in, reflected similar vulnerabilities.

He said the issues had been reported privately to the Indian Computer Emergency Response Team (CERT-In) months earlier.

The posts circulated widely online, with cybersecurity professionals, students and educators raising concerns over the security architecture of the examination evaluation system.

OSM portal already under scrutiny over answer-sheet complaints

The clarification comes at a time when CBSE’s On Screen Marking system is already facing scrutiny over complaints linked to scanned answer sheets and re-evaluation requests.

According to CBSE data, the board received 4,04,319 applications from students seeking scanned copies of evaluated answer scripts. More than 11.31 lakh answer books were requested by Class 12 students, out of which 8,98,214 copies have already been shared. CBSE said the remaining requests are expected to be fulfilled by May 27.

The issue gained attention after a Class 12 student, Vedant, alleged on social media that the handwriting in the scanned physics answer sheet uploaded under his roll number did not match his own.

Several students later raised similar concerns and questioned discrepancies in uploaded answer scripts and aggregate scores.

CBSE subsequently acknowledged mismatches in some answer sheets and said corrected copies would be sent to students through their registered email addresses.

Amid concerns regarding technical glitches in the re-evaluation portal, Union Education Minister Dharmendra Pradhan had earlier announced that technical experts from the Indian Institute of Technology Madras (IIT Madras) and Indian Institute of Technology Kanpur (IIT Kanpur) would assist CBSE in strengthening the portal infrastructure.

Ready to navigate global policies? Secure your overseas future. Get expert guidance now!