RailTel has remedied vulnerabilities on its official website and email system

RailTel, the public sector business that operates under the railway ministry and is well known for providing internet access at train stations, had a string of serious issues, one of which involved account passwords, according to a security researcher. One of the problems could have allowed a hacker to reset the passwords of its email account holders.

Sunny Nehra, a security researcher, discovered several flaws on the RailTel site in early May. He told Gadgets 360 that one of the issues could have allowed hackers to access the email accounts of RailTel employees by changing their passwords.

The researcher said a bad actor could get into the email accounts because the organization was not using a rate limit for the one-time password (OTP) mechanism available on its email password reset page. This restriction is intended to stop users from trying various password combinations until they eventually find the correct one.

Apart from the absence of the rate limit, the email system could allegedly be attacked using the response manipulation technique, which attackers may use to bypass authentication.
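The two weaknesses described above, handled on the server side, as an added example that is not RailTel's code: a reset flow that caps wrong OTP guesses and only changes a password against a server-held one-time ticket, so rewriting the verification response in transit gains nothing. The class, method names, limits and the `user@example.test` style of account name are assumptions made for illustration.

```python
import hmac
import secrets
import time

MAX_ATTEMPTS = 5        # assumed policy: wrong guesses allowed per issued OTP
OTP_TTL_SECONDS = 300   # assumed policy: OTP lifetime in seconds


class ResetService:
    """Hypothetical server-side password reset flow (illustrative only)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}   # account -> [otp, expiry, failed_attempts]
        self._tickets = {}   # one-time reset ticket -> account

    def issue_otp(self, account):
        otp = f"{secrets.randbelow(10**6):06d}"
        self._pending[account] = [otp, self._clock() + OTP_TTL_SECONDS, 0]
        return otp  # sent out of band in a real system, never in the HTTP response

    def verify_otp(self, account, guess):
        """Return a one-time reset ticket on success, None otherwise."""
        entry = self._pending.get(account)
        if entry is None or self._clock() > entry[1]:
            self._pending.pop(account, None)
            return None
        if not hmac.compare_digest(entry[0], guess):
            entry[2] += 1
            if entry[2] >= MAX_ATTEMPTS:
                del self._pending[account]   # rate limit: burn the OTP, force re-issue
            return None
        del self._pending[account]           # an OTP is single use
        ticket = secrets.token_urlsafe(32)
        self._tickets[ticket] = account
        return ticket

    def set_password(self, account, ticket, new_password, store):
        # The decision rests on server-side state, so a client that rewrites
        # the verify response to "success" still holds no valid ticket.
        if self._tickets.pop(ticket, None) != account:
            return False
        store[account] = new_password  # a real system stores a password hash
        return True
```

A deployment would also throttle `issue_otp` per account and per source address, since each re-issued code otherwise grants a fresh set of guesses.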

RailTel's mailing system was completely secure, Nehra told Gadgets 360. It has now taken down the password reset page.

The RailTel site was also using Joomla version 3.4.2, which was first released in 2015. This particular release is affected by several known vulnerabilities, according to the official website.

Nehra said the site was affected by a vulnerability that is tracked as CVE-2015-8562 and was exploited by several attackers in December 2015.

Root access to, or complete compromise of, the vulnerable server is a possibility, according to the researcher. Other serious flaws in the outdated Joomla version also affected the site.

Nehra shared three proof-of-concept videos with Gadgets 360 to explain the flaws.

On May 6, the researcher disclosed the vulnerabilities to RailTel and informed India's Computer Emergency Response Team (CERT-In) and the National Critical Information Infrastructure Protection Center (NCIIPC). CERT-In last week confirmed to the researcher that the issues had been resolved by the business.

RailTel has also confirmed the changes to Gadgets 360.

According to a prepared statement, RailTel's website is under a Web application firewall and is loaded with a host-based antivirus. "Attackers cannot exploit vulnerabilities, if any, and cannot upload shells to our website. We would like to mention that there has been no investigation into any data breach," the statement said.

It also confirmed that its site was currently operating on the most recent stable version of the Joomla platform.

It has also stated that there is currently no issue related to the compromise of email accounts (railtelindia.com domain).

RailTel launched a public Wi-Fi initiative called Google Station in 2016 and has since ended the partnership. It has, however, continued to provide free Wi-Fi access at hundreds of railway stations.

The RailWire service was labeled the service provider worst affected by the WannaCry ransomware by eScan, an antivirus company.

Aside from providing internet access, RailTel has recently introduced an artificial intelligence (AI) based attendance system for government colleges in Assam.