Researchers discovered a major security vulnerability in online flight ticket booking system that affected almost half of the fight travelers around the world.
The Vulnerability was discovered by Noam Rotem , an Isreal security researcher when he was trying to book a flight in ELAL Israel Airlines.
He uncovered this critical flaw in the widely used ticket booking system Amadeus that allows anyone to access and change private information on flight bookings for 141 airlines.
Amadeus referred as one of the largest reservation systems, serving for 141 airlines including world-leading airline customers of British Airways, Air France, Icelandair, Qantas etc.
This same vulnerability was discovered include 44% of the international carriers market including United Airlines, Lufthansa, Air Canada, and many more that affects tens of millions of travelers.
This could allows anyone can edit and change someone’s ticket reservation for any Airline which is used Amadeus reservation system by just having booking reference number.
Vulnerability in the Ticket Booking System
Researcher uncovered this vulnerability by analyse the link he received that associated with ticket booking system(PNR: https://fly.elal.co.il/LOTS-OF-NUMBERS-HERE.)
Here, by changing the RULE_SOURCE_1_ID, researchers access any customers PNR and access the customer name and associated flight details.
It was made the process easy to log into ELAL’s customer portal With the help of PNR and customer name and anyone could make changes..
“This control allows claim frequent flyer miles to a personal account, assign seats and meals, and update the customer’s email and phone number, which could then be used to cancel/change flight reservation via customer service”
Researchers from Safety Detective research lab execute a simple script that exposed the PNR numbers and was able to find active numbers in Amadeus.
Another non-threatening script proves that the system was vulnerable to brute-force attack due to lacking captchas and passwords protection security systems.
Amadeus replied, “At Amadeus, we give security the highest priority and are constantly monitoring and updating our systems. Our technical teams took immediate action and we can now confirm that the issue is solved. To further strengthen security, we have added a Recovery PTR to prevent a malicious user from accessing travelers’ personal information. We regret any inconvenience this situation might have caused.”