The University of Mumbai’s Institute of Distance and Open Learning (IDOL) is an institute which offers a distinct approach to obtaining graduate and post-graduate degrees. Thousands of students join this institute every year. I myself joined this institute a few months ago! You can join it as well by simply heading to their Login Page, registering a new account and innocently following the admission procedure. But that is not what this blog post is about, is it?!
I have found a dangerous personal information security flaw in IDOL’s website. You might as well call this a vulnerability for IDOL’s students. It lets you download the Identity Card of any student who has taken admission in IDOL. The terrifying problem is that this ‘Identity Card’ contains details like Full Name, Father’s Name, Mother’s Name, RESIDENTIAL ADDRESS, Email Address, TELEPHONE NUMBER, MOBILE NO, Signature, etc. It also contains the STUDENT’S PHOTOGRAPH!
There is no kind of security at all! Anyone can create an account on their website, enter random application ids and download the private information of the students they belong to! If you keep on trying this for a long time, who knows, you might even find details about me! One can easily create automated bots and scripts and download thousands of students’ information, and even sell it to some criminal!
Below I have uploaded some screenshots which show how one can download information about random students.
I have also uploaded ten sample identity cards which were downloaded from IDOL’s website using a newly created blank account. This proves that giving your private details to IDOL is not safe at all, as any criminal can get access to them and harass you! Do know that I shall not be liable for the damage caused to these innocent people and others as well due to IDOL’s lack of security.
The security flaw in IDOL’s website – http://idol.mahaonline.gov.in/ – which I have mentioned in this post has been present for years and is currently present as well. I can only hope that this comes to their notice and they decide to do something about it.
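The flaw described above is a missing object-level authorization check: being logged in is treated as permission to fetch any application id's card. The sketch below is an added example, not IDOL's code; it puts that behaviour beside a handler that returns a card only to its owner and throttles accounts that keep requesting ids they do not own. All names, records and the lockout threshold are assumptions made for the illustration.

```python
# Added illustration: constructed data and hypothetical names, not IDOL's code.
from collections import defaultdict

# Constructed records: application id -> (owning account, card contents)
CARDS = {
    "APP1001": ("alice", "card of alice"),
    "APP1002": ("bob", "card of bob"),
}
MAX_DENIALS = 3                 # assumed threshold before an account is locked
denials = defaultdict(int)      # account -> denied requests so far
audit_log = []                  # (account, application_id, outcome)


class Forbidden(Exception):
    pass


def download_card_vulnerable(session_account, application_id):
    """Behaviour the post describes: being logged in is the only check."""
    if session_account is None:
        raise Forbidden("login required")
    return CARDS[application_id][1]


def download_card_hardened(session_account, application_id):
    """Object-level authorization: a card is returned only to its owner."""
    if session_account is None:
        raise Forbidden("login required")
    if denials[session_account] >= MAX_DENIALS:
        audit_log.append((session_account, application_id, "locked"))
        raise Forbidden("too many denied requests")
    record = CARDS.get(application_id)
    # Same response for "not yours" and "does not exist", so the endpoint
    # cannot be used to learn which application ids are valid.
    if record is None or record[0] != session_account:
        denials[session_account] += 1
        audit_log.append((session_account, application_id, "denied"))
        raise Forbidden("not found")
    audit_log.append((session_account, application_id, "ok"))
    return record[1]
```

The audit log gives operators something to alert on: a single new account producing a run of "denied" entries across many application ids is the enumeration pattern the post warns about.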
Until then, will you still continue as an IDOL student?! Comment below with your thoughts regarding this delicate topic, as I would love to hear them. Also, share this with your friends who are somehow affiliated with the University of Mumbai’s Institute of Distance and Open Learning and make them aware of this terrible personal information security flaw which could possibly put their lives at risk!