Home / News / Indian state government addresses website vulnerabilities that exposed residents’ confidential documents

Indian state government addresses website vulnerabilities that exposed residents’ confidential documents

A state government in India has successfully addressed security vulnerabilities on its website, ensuring the protection of sensitive documents and personal information belonging to millions of residents.

There were some issues found on the Rajasthan government website that pertained to Jan Aadhaar, a state program aimed at providing a unique identifier to families and individuals in order to access welfare schemes. Several vulnerabilities led to the exposure of sensitive personal information, including Aadhaar cards, birth and marriage certificates, electricity bills, and income statements. The data breach also included personal details like date of birth, gender, and father’s name.

In December, security researcher Viktor Markopoulos discovered bugs in the Jan Aadhaar portal and reached out to for assistance in disclosing the findings to the authorities.

Last week, the bugs were successfully resolved with the assistance of the Indian Computer Emergency Response Team, also known as CERT-In.

A security flaw enabled unauthorized access to personal documents and information by simply knowing the registrant’s phone number.

According to the researcher, the server’s failure to properly validate one-time passwords resulted in the return of sensitive data.

We contacted the Jan Aadhaar Authority of the Rajasthan government on December 22 and sent a follow-up message a week later. However, we have not received a response yet. After shared the bug details with CERT-In, it was confirmed on Thursday that the bugs had been fixed.

The agency informed us that they have received a response from the concerned authority confirming that the reported vulnerability has been fixed. The researcher has also confirmed the solution.

We contacted the Rajasthan government for comment prior to publication, but we have not received a response.

The state’s Jan Aadhaar portal, which was launched in 2019, boasts a staggering number of over 78 million individual registrants and 20 million families. A new portal has been launched in the northern state of Rajasthan, providing residents with a convenient way to access state government welfare schemes. The portal’s goal is to offer a streamlined experience with the motto “One Number, One Card, One Identity.”. In contrast, the central government-backed Unique Identification Authority, or UIDAI, offers the regular Aadhaar card for enrollment to eligible individuals throughout India.

About John Cusak

At first researching gadgets and technology was just a hobby, but it quickly became a lifestyle and a full-time job.

Check Also

The Air Force has abandoned its attempt to install a directed-energy weapon on a fighter jet, marking another failure for airborne lasers

The U.S. military’s most recent endeavor to create an airborne laser weapon, designed to safeguard …