By Hera Rizwan Nilabh Rajpoot, a cyber security researcher, was booking his train ticket via IRCTC portal when he discovered a significant security flaw. The bug was found in its insurance portal that permitted unauthorised access to passengers’ travel details and allowed modifications to nominee information in the insurance policy. The IRCTC portal, or Indian Railway Catering and Tourism Corporation portal, is an online platform operated by IRCTC, a subsidiary of Indian Railways. It serves multiple functions including ticket booking, tourism services, ticket cancellation and viewing PNR statu…