Being young doesn’t stop you from being a genius. And this has been proved by a 17-year-old from Chennai. He has spotted anomalies in several world-class websites such as IRCTC, LinkedIn, United Nations, Nike, and many more.
P Ranganathan, a plus-two student in a private school in Tambaram, recently helped the Indian Railway Catering and Tourism Corporation (IRCTC) fix a bug in its online ticketing platform. The bug he identified could have exposed millions of passengers and their private information.
He informed the Railway authorities that a critical Insecure Direct Object Reference (IDOR) vulnerability on the website allowed him to access other passengers’ journey details.
Ranganathan came across the vulnerability while he was logging into the IRCTC site to book a ticket. There, he found that he could access the details of other passengers, which compromised the security of the website. These details included the name, gender, age, PNR number, train details, departure station, and date of the journey of all the passengers.
As a result, any random hacker could have ordered food in the name of another passenger, changed the boarding station, and even canceled the ticket without the knowledge of the passenger, as the back end code was the same. More than this, there was the risk of the database of millions of passengers being compromised or leaked.
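The class of flaw described above, as an added example constructed for this article (it is not IRCTC's code): a lookup that trusts the supplied booking reference, beside one that checks the reference against the logged-in account and is reused by every action on the booking. The PNR values, user names and function names are made up for illustration.

```python
# Constructed illustration of an IDOR and its fix; not IRCTC's code.
# All names, PNR values and users below are made up for the example.
from dataclasses import dataclass


class NotFound(Exception):
    """Raised for both missing and not-owned bookings, so callers cannot
    tell which PNRs exist."""


@dataclass
class Booking:
    pnr: str
    owner: str            # account that made the booking
    passenger: str
    boarding_station: str
    cancelled: bool = False


BOOKINGS = {
    "1000000001": Booking("1000000001", "alice", "A. Kumar", "MS"),
    "1000000002": Booking("1000000002", "bob", "B. Rao", "TBM"),
}


def get_booking_insecure(session_user: str, pnr: str) -> Booking:
    # Vulnerable: the client-supplied PNR is the only thing consulted.
    return BOOKINGS[pnr]


def load_owned_booking(session_user: str, pnr: str) -> Booking:
    # Hardened: the reference is resolved against the logged-in account.
    booking = BOOKINGS.get(pnr)
    if booking is None or booking.owner != session_user:
        raise NotFound(pnr)
    return booking


def change_boarding_station(session_user: str, pnr: str, station: str) -> Booking:
    booking = load_owned_booking(session_user, pnr)  # same check for writes
    booking.boarding_station = station
    return booking


def cancel_ticket(session_user: str, pnr: str) -> Booking:
    booking = load_owned_booking(session_user, pnr)
    booking.cancelled = True
    return booking
```

Routing reads and writes through one ownership check means that fixing it once covers viewing, changing the boarding station and cancelling alike.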
Ranganathan immediately reported the matter to the Computer Emergency Response Team (CERT), and the IRCTC was alerted. Within five days, the concerned authorities fixed the issue.
Similarly, Ranganathan had earlier received acknowledgments from LinkedIn, the United Nations, Nike, and several others for alerting them to the vulnerabilities in their websites.
What a resourceful chap! We are hoping that he’s going to ace cyberspace with his hawk eyes for the greater good.