# CBSE On-Screen Marking (OSM) Controversy: OSINT Report

## 1. Executive Summary
The CBSE On-Screen Marking (OSM) system, used for Class 12 board exams in 2026, has been the subject of significant controversy due to technical vulnerabilities and alleged procurement irregularities. This report consolidates findings from OSINT investigations into the vendor, the system's architecture, and the scanning process.

## 2. Vendor Profile
*   **Vendor Name:** Coempt EduTeck Pvt. Ltd. (formerly Globarena Technologies Pvt. Ltd.).
*   **Location:** Hyderabad, Telangana.
*   **Background:** A long-standing provider of examination and digital evaluation services. They have previously faced legal challenges and controversies in Telangana (2019 Intermediate results row), though the CEO claims they were cleared by courts.
*   **Key Products:** OneX, OnMark, EzyTest, DigiTab.

## 3. System Architecture & Vulnerabilities
The OSM portal (`cbse.onmark.co.in`) is a web-based Angular Single Page Application (SPA). Detailed technical analysis by security researcher **Nisarga Adhikary** revealed critical flaws:
*   **Authentication Bypass:** Hardcoded master passwords in the frontend JavaScript bundles.
*   **Broken OTP Validation:** OTP checks were performed in the browser rather than server-side.
*   **Access Control Issues:** IDOR (Insecure Direct Object Reference) allowed unauthorized access to internal routes.
*   **Data Exposure:** Potential exposure of student answer scripts and examiner details.

## 4. The "Android App" Question
While no public Android app exists on the Google Play Store or APK repositories (APKPure, APKMirror, Koodous, VirusTotal), OSINT suggests:
*   **Center-Level Scanning:** Tenders originally specified high-speed "Automatic Book/Robotics Scanners." However, 2026 tender modifications "vague-d down" these requirements.
*   **Mobile Usage:** Evidence from student investigations (Sarthak Sidhant) suggests that some centres may have used **mobile phones tied to stands** for scanning answer scripts due to the lack of specialized equipment.
*   **Private Apps:** Coempt's "DigiTab" product is likely a tablet-based evaluation app, potentially distributed as a private APK directly to designated evaluation centres.

## 5. Procurement Irregularities
Investigation into CBSE's e-bidding process (RFP dated Aug 2025) reveals:
*   **Favoritism Allegations:** Specific clauses (e.g., related to "cumulative volume" vs. "single largest contract") appear to have been modified to benefit vendors with fragmented university contracts (like Coempt) over larger players like TCS.
*   **Penalties:** High penalties (₹50,000/day) for delay in scanning may have led to rushed and low-quality captures.

## 6. Archived Evidence
Full evidence, including tender documents, internal automation scripts (accidentally exposed on GitHub), and technical write-ups, is archived and available at the following public collection:
*   **Public URL:** https://zo.pub/cashlessconsumer/cbse-onmarks-evidence

---
*Report generated by Zo OSINT Agent for Cashless Consumer*
[^1]: https://ni5arga.com/blog/posts/hacking-cbse
[^2]: https://github.com/Sarthak-Sidhant/coempt
[^3]: https://coempt.in/