
CyberX9 claimed to have patched a bug in CDSL


Last Updated on 22/11/2021 by Nidhi Khandelwal


CDSL Ventures (CVL), a subsidiary of prominent demat services provider CDSL, claims to have rectified a “vulnerability” in its systems that may have made it a hacker target. CVL performs KYC-related work for CDSL and thus has access to data on millions of Indian stock market investors.


CyberX9, a cyber security start-up, claimed to have alerted CDSL and CVL to a system vulnerability, which took 7 days to rectify. According to a CVL insider, the vulnerability was quickly patched and did not result in any data breaches or hacking. According to the source, CVL data systems were audited and vulnerabilities were proactively corrected.

“CVL got a vulnerability alert on its website, which has now been fixed. CVL took immediate steps to mitigate the vulnerability and is working aggressively to resolve any other potential security issues,” CDSL told news outlets.

“It was discovered for the second time”

According to reports, CyberX9, a Chandigarh-based consultancy firm, claimed that the vulnerability was not particularly complicated and that the firm had detected it for the second time.


“CDSL exposed very sensitive personal and financial information of around 43.9 million (approximately 4.39 crore) Indian investors. The information that was leaked belongs to those who completed their market securities KYC. For investing in assets such as stocks, mutual funds, and bonds in India, you must go through a KYC process,” it stated.

“Before publishing the fix, we double-checked that it was no longer exploitable. On October 29th, our research team went back to work and discovered an easy and full bypass for the workaround that CDSL implemented to patch the previously reported vulnerability in just a few minutes. Our vulnerability report was also acknowledged by CERT-In and NCIIPC,” CyberX9 claimed on its blog.

Nidhi Khandelwal
Nidhi is a tech news/research contributor at TheDigitalHacker. She publishes about techno geopolitics, privacy, and data breach.