A 17-year-old boy from Chennai has helped fix a bug on Indian Railways’ online ticketing platform. That bug would have exposed millions of travelers and their private information. But Ranganathan’s vigilance has noticed the bug and helped millions of passengers. Ranganathan attends a private school in Tambaram, Chennai. While booking tickets online, he noticed a bug on the Indian Railway Catering and Tourism Corporation’s online ticketing platform. This bug could have exposed millions of passengers and their private information.
Ranganathan says, “While booking tickets online, he got information about other passengers through a serious insecure object direct reference on the website. It contained many details including other passengers’ names, genders, ages, PNR numbers, train information, destinations and travel dates. He was also able to change the information of others. This bug allows anyone to access other people’s information and add other information to it. This can lead to problems for the safety of the people, ”he said.
Ranganathan further says, “Since the back end code is the same, a hacker can order a meal in the name of another passenger, change the boarding station and even cancel his ticket without the passenger’s information. Importantly, this could lead to a change in the database of millions of passengers, as well as the risk of database leaks. ”
IRCTC officials said, “Ranganathan had reported the matter to the Computer Emergency Response Team on August 30 and the IRCTC was alerted. The bug was removed within five days of his complaint. ” Meanwhile, Ranganathan had earlier pointed out bugs on the United Nations, Nike and several other websites. As a result, he was well-received by many.