Wednesday, February 21, 2024

141 Airlines Worldwide Affected by Biggest Security Vulnerability – Tens of Millions of Flight Travelers Affected

Researchers discovered a major security vulnerability in online flight ticket booking system that affected almost half of the fight travelers around the world.

The Vulnerability was discovered by Noam Rotem , an Isreal security researcher when he was trying to book a flight in ELAL Israel Airlines.

He uncovered this critical flaw in the widely used ticket booking system Amadeus that allows anyone to access and change private information on flight bookings for 141 airlines.

Amadeus referred as one of the largest reservation systems, serving for 141 airlines including world-leading airline customers of British Airways, Air France, Icelandair, Qantas etc.

This same vulnerability was discovered include 44% of the international carriers market including United Airlines, Lufthansa, Air Canada, and many more that affects tens of millions of travelers.

This could allows anyone can edit and change someone’s ticket reservation for any Airline which is used Amadeus reservation system by just having booking reference number.

Vulnerability in the Ticket Booking System

Researcher uncovered this vulnerability by analyse the link he received that associated with ticket booking system(PNR: https://fly.elal.co.il/LOTS-OF-NUMBERS-HERE.)

Here, by changing the RULE_SOURCE_1_ID, researchers access any customers PNR and access the customer name and associated flight details.

It was made the process easy to log into ELAL’s customer portal With the help of PNR and customer name and anyone could make changes..

“This control allows claim frequent flyer miles to a personal account, assign seats and meals, and update the customer’s email and phone number, which could then be used to cancel/change flight reservation via customer service”

Researchers from Safety Detective research lab execute a simple script that exposed the PNR numbers and was able to find active numbers in Amadeus.

Another non-threatening script proves that the system was vulnerable to brute-force attack due to lacking captchas and passwords protection security systems.

Amadeus replied, “At Amadeus, we give security the highest priority and are constantly monitoring and updating our systems. Our technical teams took immediate action and we can now confirm that the issue is solved. To further strengthen security, we have added a Recovery PTR to prevent a malicious user from accessing travelers’ personal information. We regret any inconvenience this situation might have caused.”

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Website

Latest articles

Beware of VietCredCare Malware that Steals businesses’ Facebook Accounts

A new cybersecurity threat targeting Facebook advertisers in Vietnam, known as VietCredCare, has emerged....

Google Chrome 122 Update Addresses Critical Security Vulnerabilities

Google has recently unveiled Chrome 122, a significant milestone for the widely used web...

New Malicious PyPI Packages Use DLL Sideloading In A Supply Chain Attack

Researchers have discovered that threat actors have been using open-source platforms and codes for...

New Mingo Malware Attacking Linux Redis Servers To Mine Cryptocurrency

The malware, termed Migo by the creators, attempts to infiltrate Redis servers to mine cryptocurrency on...

Security Onion 2.4.50 Released for Defenders With New Features

Security Onion Solutions has recently rolled out the latest version of its network security...

VMware Urges to Remove Enhanced EAP Plugin to Stop Auth & Session Hijack Attacks

VMware has issued an urgent advisory to administrators to remove a deprecated authentication plugin...

LockBit Ransomware Members Charged by Authorities, Free Decryptor Released

In a significant blow to one of the most prolific ransomware operations, authorities from...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Live Account Takeover Attack Simulation

Live Account Take Over Attack

Live Webinar on How do hackers bypass 2FA ,Detecting ATO attacks, A demo of credential stuffing, brute force and session jacking-based ATO attacks, Identifying attacks with behaviour-based analysis and Building custom protection for applications and APIs.

Related Articles