May 26, 2026
Board exams, but make it chaos
Exposing Critical Vulnerabilities in CBSE's On-Screen Marking Portal
A school exam portal allegedly had a secret ‘magic password’ and the internet is stunned
TLDR: A young security researcher says CBSE’s exam-marking portal had an incredibly dangerous login flaw that could have exposed examiner accounts and threatened grading integrity. Online, people are split between calling it absurd incompetence, fearing abuse may have already happened, and watching the denials-and-counterclaims drama unfold.
The real fireworks here are not just in the bug report, but in the comment section. A Class 12 student-turned-hobby security researcher says CBSE’s online marking portal — the system used to help grade major school exams — exposed a shockingly simple way to get around login checks, including what he describes as a plain-text master password sitting in public code. For a platform tied to the exam process of millions of students, that allegation instantly sent people into full panic mode.
And wow, the community mood is a mix of disbelief, rage, and dark comedy. One commenter basically said: this is so wildly careless that it’s hard to keep calling it mere incompetence. Another went straight to the nightmare scenario, wondering whether this “backdoor” might already have been abused and joking grimly about black-market grade upgrades. Others zoomed out and turned it into a bigger indictment of India’s education system, calling the whole thing a “shit-show” and linking it to a culture of exam leaks and cheating.
But there’s also drama: one commenter says denials and counterclaims are already flying around on X, which means the story has now entered the classic internet phase of receipts, rebuttals, and chaos. The funniest running joke? People treating the alleged master password like some cursed cheat code for the country’s report cards. It’s funny until you remember the stakes: if true, this wasn’t just sloppy — it could have put trust in a massive public exam system on the line.
Key Points
- •The article alleges critical vulnerabilities in CBSE’s On-Screen Marking portal used for Class 12 exam evaluation.
- •The author says the issues were discovered on 25 February 2026 and reported to CERT-In before publication.
- •According to the article, the portal appears to be built on the OnMark platform, reportedly developed by Coempt EduTeck Pvt Ltd.
- •The write-up says the portal is an Angular application whose frontend JavaScript bundle was publicly accessible without login.
- •The first vulnerability described is a plaintext hardcoded master password in the client-side bundle that allegedly bypassed the OTP-based authentication flow.