Terms of Use

This tool performs automated credential recovery against the TSBIE portal. It is intended exclusively for:

  • Students recovering their own hall ticket data
  • Security researchers conducting authorized audits
  • Educators demonstrating authentication vulnerabilities

Using it to access third-party data without consent may violate applicable laws, including the IT Act, 2000 (India).


roll-recovery v2.0
Security Research Proof of Concept

TSBIE Auth Vulnerability PoC

Demonstrating how missing rate limiting and DOB-only authentication on a public student portal enable automated credential recovery, with no server-side protection in the way.

Key figures

  • Rate limits: 0
  • CAPTCHAs: 0
  • Full enumeration of one year of dates: ~5 min
  • Authentication factors: 1

No Rate Limiting (Critical)

Unlimited automated requests with zero throttling, CAPTCHA, or lockout mechanism.

DOB Enumeration (High)

Authentication relies solely on date of birth, a low-entropy value that is easily brute-forced: one birth year is only 365 or 366 candidates.

PII Exposure (High)

Name, photo, college, exam center and subjects are returned to anyone who supplies the roll number and guesses the date of birth; no other authentication is required.

Remediation (Fix Available)

CAPTCHA, OTP verification, and rate limiting together would close this attack vector.
How It Works

Methodology

01 Identify the target

Provide the 10-digit TSBIE roll number for the record to be audited.

02 Define the enumeration range

Set the DOB range to test. 2008-2009 covers the majority of current Inter students.

03 Execute the latency test

The tool submits automated requests. Setting the delay to 0 ms demonstrates the complete absence of server-side throttling.

04 Retrieve the record

On a successful match the full hall ticket is returned, confirming that the vulnerability is exploitable.

Security Assessment

Vulnerability Details

Parameter          Current State        Recommended
Rate Limiting      ✕ None               ✓ ≤ 5 req/min
CAPTCHA            ✕ Absent             ✓ reCAPTCHA v3
Account Lockout    ✕ Not implemented    ✓ After 5 failures
OTP Verification   ✕ Not required       ✓ SMS / Email OTP
Auth Factor        ✕ DOB only           ✓ Multi-factor
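As an added example (not the roll-recovery tool's own code), the Node.js script below models the four methodology steps against an in-memory DOB-only lookup, then wraps the same lookup with the per-client rate limit and per-record lockout recommended in the table. The roll numbers, names, dates and the 900 ms per-request latency are assumed for the demo; nothing here contacts the TSBIE portal.

```javascript
// Added example, not the roll-recovery tool's code. It models a DOB-only
// lookup endpoint in memory, runs the enumeration the methodology describes
// against it, and then applies the table's rate limit and lockout to the
// same endpoint. Every roll number, name and date below is constructed.

// Every calendar date from 1 Jan startYear to 31 Dec endYear as YYYY-MM-DD.
// Date.UTC(y, m, 0) is the last day of month m (1-based), so leap years
// are handled without a lookup table.
function dobCandidates(startYear, endYear) {
  const out = [];
  for (let y = startYear; y <= endYear; y++) {
    for (let m = 1; m <= 12; m++) {
      const days = new Date(Date.UTC(y, m, 0)).getUTCDate();
      for (let d = 1; d <= days; d++) {
        out.push(`${y}-${String(m).padStart(2, "0")}-${String(d).padStart(2, "0")}`);
      }
    }
  }
  return out;
}

// Size of the search space and serial wall-clock cost at a given round-trip
// latency. The page's "one year in about 5-6 minutes" corresponds to roughly
// 0.8-1 s per request with a 0 ms client-side delay (assumed figure).
function enumerationCost(startYear, endYear, perRequestMs) {
  const count = dobCandidates(startYear, endYear).length;
  return { count, seconds: (count * perRequestMs) / 1000 };
}

// Constructed records keyed by hypothetical roll numbers (not real students).
const RECORDS = new Map([
  ["2512345678", { dob: "2008-07-14", name: "Student A", college: "College X" }],
  ["2598765432", { dob: "2009-02-03", name: "Student B", college: "College Y" }],
]);

// Vulnerable handler: DOB is the only authentication factor and nothing
// throttles, locks or challenges the caller.
function vulnerableLookup(roll, dob) {
  const rec = RECORDS.get(roll);
  return rec && rec.dob === dob ? { roll, ...rec } : null;
}

// The enumeration loop: try each candidate in order and stop at the first
// hit, or at the first time the endpoint refuses to answer.
function enumerateDob(lookup, roll, startYear, endYear, ip = "attacker") {
  let attempts = 0;
  for (const dob of dobCandidates(startYear, endYear)) {
    attempts += 1;
    let result;
    try {
      result = lookup(roll, dob, ip);
    } catch (err) {
      return { found: false, attempts, blocked: err.message };
    }
    if (result) return { found: true, attempts, dob, record: result };
  }
  return { found: false, attempts };
}

// Hardened wrapper: at most `limit` requests per `windowMs` per client, and a
// lockout once one roll number has seen `maxFailures` wrong DOBs. `now` is
// injectable so the window logic can be exercised without sleeping.
function protect(lookup, opts = {}) {
  const { limit = 5, windowMs = 60_000, maxFailures = 5, now = () => Date.now() } = opts;
  const recentByClient = new Map(); // ip -> request timestamps inside the window
  const failuresByRoll = new Map(); // roll -> consecutive wrong DOBs
  const lockedRolls = new Set();

  return function guardedLookup(roll, dob, ip = "unknown") {
    if (lockedRolls.has(roll)) throw new Error("account locked");

    const t = now();
    const recent = (recentByClient.get(ip) || []).filter((ts) => t - ts < windowMs);
    if (recent.length >= limit) throw new Error("rate limited");
    recent.push(t);
    recentByClient.set(ip, recent);

    const result = lookup(roll, dob);
    if (result) {
      failuresByRoll.delete(roll);
      return result;
    }
    const n = (failuresByRoll.get(roll) || 0) + 1;
    failuresByRoll.set(roll, n);
    if (n >= maxFailures) lockedRolls.add(roll);
    return null;
  };
}

// Runs the open and the guarded case side by side.
function demo() {
  const open = enumerateDob(vulnerableLookup, "2512345678", 2008, 2009);
  const guarded = enumerateDob(protect(vulnerableLookup), "2512345678", 2008, 2009);
  return { cost: enumerationCost(2008, 2009, 900), open, guarded };
}

console.log(JSON.stringify(demo(), null, 2));
```

Against the open endpoint the loop finds the constructed record on the 196th candidate; against the guarded one it is stopped on the sixth request because the roll number is already locked. Two caveats apply to the hardened form: a per-IP limit alone is evaded by spreading requests over many source addresses, which is why the lockout is keyed on the roll number rather than the client, and an unbounded lockout lets an attacker deny service to a legitimate student with five wrong guesses, so in production the lock should expire and the OTP step should be the control that actually adds a second factor.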
FAQ

Research Notes

What data is exposed by this vulnerability?

Full name, father's and mother's name, date of birth, photograph, signature, college name, exam center, subjects and examination schedule.

How quickly can the enumeration complete?

With a 0 ms request interval, a full year of dates (365 or 366 candidates) completes in approximately 5 to 6 minutes. This demonstrates the severity of the missing rate-limit control.

Does the portal detect or block automated requests?

No. As of the time of this research, the TSBIE portal has no rate limiting, CAPTCHA, or request throttling in place.

What is the recommended remediation?

Implement server-side rate limiting (e.g. 5 requests/minute per IP), add CAPTCHA on the form, and introduce OTP-based secondary verification tied to a registered mobile number. A per-IP limit alone is evaded by spreading requests across source addresses, so the per-record lockout and the OTP step are what actually remove the brute-force path.

Is this tool legal to use?

This tool is intended for authorized security research, personal data recovery, and educational purposes only. Using it to access third-party data without consent may violate the IT Act, 2000 (India) and other applicable laws.

roll-recovery

Built by @codewithriza · View on GitHub

For authorized security research and data recovery only. Misuse is prohibited.

MIT License · Node.js ≥ 18 · Open Source