
      RailTel Fixes Vulnerabilities Impacting Official Site and Email System

      RailTel, the public sector enterprise that operates under the railway ministry and is known for providing Internet access at train stations, has fixed a list of serious vulnerabilities impacting its website.

      One of the issues could have allowed a hacker to reset the password of its email account holders, according to a security researcher.

      The RailTel site was also using an outdated version of the content management system Joomla that is impacted by a list of vulnerabilities, including ones that can be exploited to let attackers gain root-level access or operate the site as an administrator.

      Security researcher Sunny Nehra discovered various flaws impacting the RailTel site in early May.

      The researcher said that a bad actor could hack the email accounts since the organisation was not enforcing a rate limit on the one-time password (OTP) mechanism available on its email password reset page.

      The limit is meant to restrict attackers from using various password combinations to eventually find the correct one.

      In addition to the absence of a rate limit, the email system could allegedly be attacked using the response manipulation technique, which attackers could leverage to bypass authentication.
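The two weaknesses described above, seen from the defender's side: this added example (not RailTel's code and not from the researcher) caps wrong OTP guesses and gates the password change on server-side state rather than on anything the client reports. The class name, method names and the limits of 5 attempts and 300 seconds are assumptions chosen for illustration.

```python
import hmac
import secrets
import time

MAX_ATTEMPTS = 5   # assumed policy: wrong guesses allowed per issued OTP
OTP_TTL = 300      # assumed policy: OTP lifetime in seconds


class ResetService:
    """Hypothetical in-memory sketch; a real service would use a shared store."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}   # account -> [otp, expires_at, failures]
        self._tokens = {}    # reset token -> account, proof that the OTP step passed
        self.passwords = {}  # account -> password (stand-in for the user database)

    def issue_otp(self, account):
        otp = f"{secrets.randbelow(10**6):06d}"
        self._pending[account] = [otp, self._clock() + OTP_TTL, 0]
        return otp  # delivered out of band in practice, never in the HTTP response

    def verify_otp(self, account, guess):
        entry = self._pending.get(account)
        if entry is None or self._clock() > entry[1]:
            self._pending.pop(account, None)  # unknown or expired
            return None
        if not hmac.compare_digest(entry[0].encode(), guess.encode()):
            entry[2] += 1
            if entry[2] >= MAX_ATTEMPTS:
                del self._pending[account]  # burn the OTP so guessing cannot continue
            return None
        del self._pending[account]  # single use
        token = secrets.token_urlsafe(32)
        self._tokens[token] = account
        return token

    def set_password(self, account, token, new_password):
        # The decision rests on server state, not on a success flag in the
        # client-visible response, so altering that response gains nothing.
        if self._tokens.get(token) != account:
            return False
        del self._tokens[token]
        self.passwords[account] = new_password
        return True
```

With a six-digit code and five attempts per issued OTP, each reset request gives a guesser at most a 5 in 1,000,000 chance, instead of the certainty an unlimited endpoint offers.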

      The RailTel site was also using Joomla version 3.4.2, which was released back in 2015.

      That particular release is impacted by many known vulnerabilities.

      Sunny Nehra said the site was impacted by a vulnerability that is tracked as CVE-2015-8562 and was exploited by some attackers in December 2015.

      Sunny Nehra said:

      “The flaw leads to root access or complete hacking of the vulnerable server.”

      Shortly after spotting the issues, the researcher disclosed the vulnerabilities to RailTel and informed India’s Computer Emergency Response Team (CERT-In) and National Critical Information Infrastructure Protection Centre (NCIIPC) on 6th May 2022.


      CERT-In and NCIIPC last week confirmed to the researcher that the issues were patched by the enterprise.

      It also confirmed that its site was currently running on the latest stable release of Joomla platform.

      RailTel runs a service called RailWire to offer free Wi-Fi access at railway stations in the country.

      It partnered with Google in 2016 to kick off a public Wi-Fi initiative called Google Station.

      The partnership, though, ended in May 2020.

      RailTel has continued to provide free Wi-Fi service at hundreds of railway stations.

      In 2017, the RailWire service was named by antivirus company eScan as the service provider worst affected by the WannaCry ransomware.

      Aside from providing Internet access, RailTel has in the recent past introduced technologies including an artificial intelligence (AI) based attendance system for government schools in Assam.
