In: Teen helps IRCTC fix bug that could expose passenger’s private information

DNA reports:

A 17-year-old student in a private school in Chennai’s Tambaram has helped the Indian Railway Catering and Tourism Corporation (IRCTC) fix a bug in its online ticketing platform, which could have exposed millions of passengers and their private information.

Ranganathan said that the critical Insecure Object Direct References (IODR) vulnerability on the website helped him to access the journey details of other passengers.


The teenager had earlier got acknowledgements from Linkedin, the United Nations, Nike, and several others for alerting them of the vulnerabilities in their websites.

Read more on DNA and someone please give this kid a bug bounty and a paying job!

About the author: Dissent

Comments are closed.