Data of 3.8 crore users was in danger due to this deficiency of DigiLocker.

One after another, major flaws are coming to light in government apps, due to which hackers can easily access the personal data of millions of citizens. After CSC BHIM website, now similar questions are being raised on DigiLocker also. DigiLocker is a government online service that provides the facility to store documents digitally. However, a flaw was found in authentication, due to which the data of crores of users was at risk. By taking advantage of this flaw, hackers could bypass two-step authentication and access anyone’s sensitive data. However, as soon as the flaw was discovered, it was fixed. The thing to note is that this government service is used by 3.84 crore users, if this flaw had not come to light, then anyone could have easily misused the data of all these users.

Security Researcher Ashish Gehlot pointed out this shortcoming of DigiLocker. Expose did. He found this flaw in the DigiLocker system while analyzing the authentication mechanism. However, the researchers found that the default mechanism when logging in to digital storage asks for a one-time password (OTP) and PIN. But, he managed to bypass this process, added the Aadhaar number to it and changed the parameters, intercepting the connection to DigiLocker.

Anyone with technical knowledge can take advantage of this authentication loophole to set a new PIN and even be able to access the DigiLocker account, that too without any password. Apart from this, through this flaw, hackers can also access the user profile by bypassing the OTP process and can also make many changes using intercepting tools.

Let us tell you, Gehlot had noticed this deficiency in DigiLocker last month, after which he informed the DigiLocker team also. The team fixed this lack of PIN bypass within a few days. However, the OTP bypass flaw has been fixed on Monday.

Available on DigiLocker site statistics If we look at it, 3.84 crore registered users use this platform. Many documents like Aadhar card, insurance letter, income tax return, mark sheet are stored on this platform.