A serious data privacy breach on the DU admit card 2020 download portal was noted by two Twitter users. Personal details of all Delhi University students are now easily available to the public.
New delhi, July 2:
Early on Thursday, two Twitter users pointed out the serious data privacy breach problems arising in the DU admit card 2020 download portal, which is part of the official Delhi University website.
Anyone with the ‘gateway password’ can download the admit cards of all students in any Delhi University college.
To get their DU admit cards for the upcoming DU open book exams (OBE) for final-year students, students need to fill in the details on three slots — ‘exam roll no’, ‘student name’ and ‘gateway password’ — on this online portal.
The problem is that the ‘gateway password’ is a single password for each Delhi University college. So each student of a DU college can get access to the personal details of all other students in that college simply by getting the student name and corresponding roll numbers through the list available from the previous semester DU results.
This data breach leaves sensitive information on each admit card such as student name, phone number, and home address easily available to all the students in a particular DU college, and even the wider world who have access to the gateway password.
Twitter users Vivek Prasad and Ribhav explained the matter on Twitter with all relevant screenshots from the DU admit card download portal.
College code is ‘gateway password’
What makes matter worse is that the gateway password is itself not very hidden or unique.
As Twitter user Ribhav noted, the gateway password is the same as the college code, and college codes of all DU colleges are also easily available on the public domain or shared amongst many students.
This makes the DU online portal privacy breach even more serious as anyone in the world could have access to the personal details of all Delhi University students who filled the form to appear for the upcoming DU open book exams slated for July.
ADVERTISEMENT
“And this college gateway password can be shared with anyone and everyone in the whole wide world, who will then gain similar access to all the admit cards with addresses, phone numbers and emails! WHAT was DU thinking??” wrote Vivek on Twitter.
MAJOR privacy disaster. For DU admit cards:
College code: public
Roll no is linked to name: public, from Semester result sheets.
This used to be individual-login protected earlier, now free for all.
