Security researcher Dhiraj Mishra discovered the vulnerability, and informed CERT-In, the country’s nodal agency to deal with cybersecurity threats. The agency acknowledged the bug and it was patched silently. [Read: Mozilla launches a VPN app for Android and Windows] The website was vulnerable to SharePoint RCE (Remote Code Execution) — code CVE-2019-0604 — which was discovered last year. The exploit allows attackers to run arbitrary code on the server to affect operations of the site. Mishra said attackers can gain access to data such as employee logins: Last year, a group called Emissary Panda targeted several Middle Eastern government websites using the SharePoint RCE bug. According to India’s IT minister, RS Prasad, a total of 48 government websites were hacked in 2019. However, security researchers believe the number was much higher than that.
