“...the web portal of CVL is vulnerable to Insecure Direct Object References. It was initially observed that on the login page of CVL, there was a possibility of getting access to the details of another user by changing the reference ID of the user,” the Ministry of Finance wrote in response to a question by Indian National Congress MP Manish Tewari in the winter session of Lok Sabha. The ministry also shed light on how the vulnerability was fixed: “by encrypting the reference ID,” the reply added.

The Central Depository Services Limited (CDSL) is one of the two SEBI-regulated depositories that hold securities like shares, mutual funds, and bonds in electronic format. Nearly 600 stockbrokers, who collectively have over 4 crore investor accounts, are associated with CDSL. CDSL Ventures (CVL) is a government-approved KYC registration agency owned by CDSL.

A second vulnerability was found in CVL; the firm promptly fixed it and conveyed this to the Indian Computer Emergency Response Team (CERT-In). The ministry also revealed that a forensic audit of CVL was conducted at the direction of the Securities and Exchange Board of India (SEBI).

The ministry clarified that “there was no authorization vulnerability in any of the Application Programming Interfaces (APIs) and/or website of Central Depository Services Ltd. (CDSL)”.

https://twitter.com/digitaldutta/status/1465219264713871364?t=af9Q3TOAbeL5ywbhJjF5JQ&s=08

It is the first time that the government has acknowledged a vulnerability in critical infrastructure such as an agency that holds the data of lakhs of investors.

Why was this question raised in…
Finance Ministry identifies weak link in CDSL that put sensitive data of investors at risk
The ministry’s answer in parliament revealed new details about a critical flaw at India’s largest securities depository.