Rajasthan resolves critical vulnerabilities in Jan Aadhaar portal

The Indian state of Rajasthan has successfully remedied security issues that had left its Jan Aadhaar portal susceptible to unauthorised access, potentially exposing the sensitive information of millions of Indian citizens enrolled in the state program.

The Jan Aadhaar initiative, launched in 2019, serves as a unique identifier for families and individuals in Rajasthan, facilitating access to various welfare schemes.

The vulnerabilities were discovered by security researcher Viktor Markopoulos of CloudDefense.ai in December, raising concerns about the exposure of essential documents such as Aadhaar cards, birth and marriage certificates, electricity bills, and income statements.

Personal details, including date of birth, gender, and father’s name, were at risk. The researcher then asked TechCrunch to responsibly disclose the identified security flaws to the relevant authorities.

After the disclosure, the Indian Computer Emergency Response Team (CERT-In) successfully patched the bug. According to Markopoulos, one of the vulnerabilities allowed unauthorised access to a range of personal data to anyone who knew a registrant’s phone number.

The other flaw enabled the retrieval of sensitive data due to a lapse in the server’s validation of one-time passwords.

TechCrunch reached out to the Rajasthan government on December 22 and received no response, even after subsequent follow-ups. TechCrunch then took the responsible step of sharing the details with CERT-In, India’s premier agency in cybersecurity and related affairs.

CERT-In confirmed on Thursday that the bug has been patched, and the vulnerabilities have been rectified. “This is to inform you that we have received a response from the concerned authority that the reported vulnerability has been fixed,” stated the agency.

As per TechCrunch, Markopoulos independently confirmed the successful resolution of the issues.

The Jan Aadhaar portal plays a pivotal role in providing a streamlined approach for residents in Rajasthan to access various state government schemes. The scheme saw over 78 million registrations from over 20 million families.

In October 2023, in one of the biggest breaches, the data of more than 80 crore Indians surfaced on the dark web. In other news, scammers impersonate Delhi police and attempt to phish Aadhaar and bank details.

Kumar Hemant

Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: kumarhemant@pm.me
