Thiruvananthapuram: A Kerala youth has discovered a serious security flaw in the web server of IIT Delhi, a premier institute in science and technology, higher education and research in India.
Through the security flaw, hackers could gain access to the admin login which gives complete access to the website, usernames and passwords of thousands of students and confidential details of employees including academic staff.
Cyber expert Rishi Mohandas, a Kannur native, spotted the flaw using SQL injection, one of the most common web hacking techniques.
When the flaw was brought to their notice, the institute authorities have temporarily closed three sub-websites. Though the passwords of two students and academic staff were encrypted using MD5 algorithm, they could have been easily decoded.
In the IIT, the students’ login is key to access crucial activities, including exams.
Earlier, Rishi had detected security flaws in the web servers of Kannur and Kerala universities too.
The flaws in the university websites could provide hackers access to exam results and internal marks.
Rishi works as customer support executive in Aster DM Healthcare in Dubai.