Last Updated on 22/11/2021 by Nidhi Khandelwal
Image courtesy: Legal Wires
CyberX9, a cyber security start-up, claimed to have alerted CDSL and CVL to a system vulnerability, which took 7 days to rectify. According to a CVL insider, the vulnerability was quickly patched and did not result in any data breaches or hacking. According to the source, CVL data systems were audited and vulnerabilities were proactively corrected.
“CVL got a vulnerability alert on its website, which has now been fixed. CVL took immediate steps to mitigate the vulnerability and is working aggressively to resolve any other potential security issues,” CDSL told news outlets.
“It was discovered for the second time”
According to reports, CyberX9, a Chandigarh-based consultancy firm, claimed that the vulnerability was not particularly complicated and that the firm had detected it for the second time.
“CDSL exposed very sensitive personal and financial information of around 43.9 million (approximately 4.39 crore) Indian investors. The information that was leaked belongs to those who completed their market securities KYC. For investing in assets such as stocks, mutual funds, and bonds in India, you must go through a KYC process,” it stated.
“Before publishing the fix, we double-checked that it was no longer exploitable. On October 29th, our research team went back to work and discovered an easy and full bypass for the workaround that CDSL implemented to patch the previously reported vulnerability in just a few minutes. Our vulnerability report was also acknowledged by CERT-In and NCIIPC,” CyberX9 claimed on its blog.