Bengaluru, India – June 19, 2025 – Cybersecurity researchers at Seconize, a leading provider of cyber risk and compliance automation solutions, have responsibly disclosed a significant security vulnerability in the Indian Railway Catering and Tourism Corporation (IRCTC) platform, which exposed sensitive personal data of its users. The vulnerability has since been patched by IRCTC following the disclosure.
The flaw, discovered during a responsible security analysis by Seconize’s research team, involved a misconfigured userID parameter in IRCTC’s web services. This issue allowed authenticated users to gain unauthorized access to the personal details of other users — including full names, email addresses, mobile numbers, and partial residential information — simply by manipulating the parameter value in API requests.
Seconize followed responsible disclosure practices and reported the vulnerability to IRCTC, who promptly acknowledged the issue and released a fix, thereby mitigating any risk of exploitation.
“We are committed to securing the digital ecosystem by responsibly identifying and reporting vulnerabilities that could impact public safety and privacy,” said Chethan Anand, CEO and Co-Founder of Seconize. “We appreciate IRCTC’s prompt response and collaboration in resolving this issue swiftly.”
The incident underscores the critical need for robust input validation and access control in public-facing systems, especially those that serve millions of users across the country.
About Seconize
Seconize is a cybersecurity company focused on automating Governance, Risk, and Compliance (GRC) through its flagship product, Seconize DeRisk Center. The company helps organizations proactively identify, assess, and remediate security and compliance risks through continuous monitoring and automation.
Read the full blog post here.
For media inquiries, please contact:
hello@seconize.co
www.seconize.co
Related
Recent Posts
Copyright © 2024 Seconize Technologies Pvt Ltd. All rights reserved.
Recent Comments