PM Kisan leaked Aadhaar numbers of more than 110 million farmers

The PM Kisan website provides a dashboard for viewing charts and statistics. One of the endpoints backing that dashboard returned the Aadhaar numbers of every registered farmer, filterable by region (state, district, village), without checking whether the caller was authorized to see them.

Pradhan Mantri Kisan Samman Nidhi is an initiative by the government of India in which all farmers will get up to ₹6,000 per year as minimum income support.

Because the endpoint enforced no authorization check and the region parameters are enumerable, an attacker could have harvested the entire dataset with a basic script that simply iterated over states, districts and villages.
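The pattern described above, as an added example that is not PM Kisan's code: a region-lookup handler that returns full records to anyone, next to a hardened version that gives anonymous dashboard callers only the aggregate a chart needs and masked numbers only to an officer scoped to that district, plus a log check for the enumeration a harvesting script leaves behind. The record layout, the log format, the roles and the Aadhaar digits are all constructed for illustration.

```python
"""Added example (not the PM Kisan implementation): leaky region lookup,
a least-privilege rewrite of it, and a detector for region enumeration.
All records, roles and log lines below are constructed."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: the Aadhaar values are made-up 12-digit strings.
FARMERS = [
    {"name": "Farmer A", "aadhaar": "123412341234", "state": "S1", "district": "D1", "village": "V1"},
    {"name": "Farmer B", "aadhaar": "234523452345", "state": "S1", "district": "D1", "village": "V2"},
    {"name": "Farmer C", "aadhaar": "345634563456", "state": "S1", "district": "D2", "village": "V3"},
    {"name": "Farmer D", "aadhaar": "456745674567", "state": "S2", "district": "D3", "village": "V4"},
]


@dataclass
class Session:
    user: Optional[str]
    role: Optional[str]       # hypothetical roles: "public" or "district_officer"
    district: Optional[str]   # the one district an officer's session is scoped to


def _in_region(rec, state, district=None, village=None):
    return (rec["state"] == state
            and (district is None or rec["district"] == district)
            and (village is None or rec["village"] == village))


def vulnerable_lookup(state, district=None, village=None):
    """The flaw the post describes: filter by region, return the full
    records including Aadhaar, and never ask who is calling."""
    return [dict(rec) for rec in FARMERS if _in_region(rec, state, district, village)]


def mask_aadhaar(num):
    """Expose only the last four digits, the form printed on Aadhaar receipts."""
    return "XXXX-XXXX-" + num[-4:]


class Forbidden(Exception):
    pass


def hardened_lookup(session, state, district=None, village=None):
    """Charts need counts, not identities: anonymous callers get an aggregate
    only. A district officer may see masked numbers, and only for the
    district their session is entitled to."""
    matches = [rec for rec in FARMERS if _in_region(rec, state, district, village)]
    if session.role != "district_officer":
        return {"count": len(matches)}
    if district is None or district != session.district:
        raise Forbidden("session is not entitled to this district")
    return {
        "count": len(matches),
        "records": [{"name": r["name"], "aadhaar": mask_aadhaar(r["aadhaar"])} for r in matches],
    }


# Constructed access-log lines in a hypothetical format:
# "<client_ip> <state> <district> <village>"
SAMPLE_LOG = [
    "203.0.113.7 S1 D1 V1",
    "203.0.113.7 S1 D1 V2",
    "203.0.113.7 S1 D2 V3",
    "203.0.113.7 S2 D3 V4",
    "198.51.100.2 S1 D1 V1",
]


def flag_harvesters(log_lines, max_distinct_regions=3):
    """Server-side check for the 'basic script' scenario: one client walking
    more distinct region combinations than a human browsing a dashboard would."""
    seen = defaultdict(set)
    for line in log_lines:
        ip, *region = line.split()
        seen[ip].add(tuple(region))
    return sorted(ip for ip, regions in seen.items() if len(regions) > max_distinct_regions)


if __name__ == "__main__":
    print("vulnerable:", vulnerable_lookup("S1", "D1"))
    print("anonymous :", hardened_lookup(Session(None, "public", None), "S1", "D1"))
    print("officer   :", hardened_lookup(Session("o1", "district_officer", "D1"), "S1", "D1"))
    print("harvesters:", flag_harvesters(SAMPLE_LOG))
```

The point of the hardened version is that the authorization check and the data minimisation go together: even an authorized officer never receives a full Aadhaar number from a chart endpoint, so a future bug in the check leaks far less.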

Impact

According to the PM Kisan website and recent reports, more than 11 crore (110 million) farmers are registered on the platform, so the leak could have exposed the Aadhaar numbers of more than 110 million people.

Summary

  • Due to a missing authorization check, an endpoint on the PM Kisan website leaked Aadhaar numbers.
  • The issue was responsibly reported to CERT-In (the Indian Computer Emergency Response Team).
  • PM Kisan has since taken down the vulnerable endpoint.
  • The number of affected farmers is more than 11 crore.

Timeline

Jan 29, 2022: Reported to CERT-In

Jan 31, 2022: CERT-In replied with the reference number and forwarded the report to the concerned authorities

Feb 26, 2022: CERT-In stated that the fix had not yet been confirmed by the concerned entity and that it had escalated the matter to the concerned authority for appropriate action.

May 28, 2022: Sent an email to CERT-In confirming that the issue had been fixed.

May 30, 2022: CERT-In acknowledged the report with thanks.

Atul Nair, Security Researcher