Indian state authorities fixes web site bugs that uncovered residents’ delicate paperwork and private info

An Indian state authorities has fastened safety points impacting its web site that uncovered the delicate paperwork and private info of thousands and thousands of residents.

The bugs existed on the Rajasthan authorities web site associated to Jan Aadhaar, a state program to supply a single identifier to households and people within the state to entry welfare schemes. The bugs uncovered the copies of Aadhaar playing cards, start and marriage certificates, electrical energy payments and earnings statements associated to registrants, in addition to private info comparable to their date of start, gender and father’s identify.

Safety researcher Viktor Markopoulos, working for cybersecurity firm CloudDefense.ai, discovered the bugs within the Jan Aadhaar portal in December and requested TechCrunch for assist in disclosing to the authorities.

The bugs had been fastened final week via an intervention by the Indian Laptop Emergency Response Crew, or CERT-In.

One of many bugs allowed anybody to entry private paperwork and knowledge with information of a registrant’s cellphone quantity.

The opposite bug allowed the return of delicate information as a result of the server was not correctly checking the validity of one-time passwords, the researcher defined.

TechCrunch reached out to the Rajasthan authorities’s Jan Aadhaar Authority on December 22 and adopted up every week later, however didn’t obtain a response. TechCrunch subsequently shared the small print of the bug with CERT-In, which confirmed on Thursday that the bugs had been fastened.

“This is to inform you that we have received a response from the concerned authority that the reported vulnerability has been fixed,” the company informed TechCrunch. The researcher additionally confirmed the repair.

TechCrunch reached out once more to the Rajasthan authorities for remark forward of publication, however we now have not heard again.

The state’s Jan Aadhaar portal, which launched in 2019, says it has greater than 78 million particular person registrants and 20 million households. The portal goals to supply “One Number, One Card, One Identity” to residents within the northern state of Rajasthan for accessing state authorities welfare schemes. This contrasts with the common Aadhaar card, out there for enrollment to eligible people throughout India and supplied by the central government-backed Distinctive Identification Authority, or UIDAI.