Amadeus! Amadeus! Pwn me Amadeus! An airline registration bug may have exposed all your boarding passes to spies • The Register




A now-corrected vulnerability in the Amadeus flight reservation system, which is used by airlines around the world, could have been exploited by villains to view other people's boarding passes.

David Stubley, CEO of the British security consulting firm 7 Elements, told us last night that he had discovered the flaw, which compromises the confidentiality of data and was present in the Amadeus registration application used by airlines.

In particular, Stubley explained, when a traveler went to view their boarding pass, Amadeus presented the document on a page whose URL included the passenger's identification number. This identification number could be replaced by another number to call up other boarding passes from other Amadeus customers, such as British Airways, Air France and United Airlines, without further authentication. Just change the number in the web address bar and press enter to retrieve the pass corresponding to that identification number.

This is a classic Insecure Direct Object Reference (IDOR) vulnerability, which can be exploited to enumerate records that would otherwise be out of reach. Here is an example of the registration URL, with the passenger identification number in the id parameter:

https://checkin.si.amadeus.net/1ASIHSSCWEBQS/sscwqs/mbp?IFOI=DCS&id=300193064&ln=in&productIndex=0
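
An added illustration, not code from Amadeus or from the original article: a lookup that trusts the identifier in the URL, next to one that checks the caller's session, a link token bound to that session, and record ownership. All names and records are constructed, and how Amadeus built or fixed its service is not described on this page.

```python
import hashlib
import hmac
import secrets

# Constructed sample records; ids are sequential, as in an enumerable scheme.
PASSES = {
    1001: {"owner": "alice", "flight": "XX100", "seat": "12A"},
    1002: {"owner": "bob", "flight": "XX200", "seat": "3C"},
}
SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret (assumption)


def get_pass_vulnerable(pass_id):
    """IDOR pattern: the id taken from the URL is the only thing consulted."""
    return PASSES.get(pass_id)


def issue_link_token(session_user, pass_id):
    """Bind a link to one user and one record so an edited id fails to verify."""
    msg = f"{session_user}:{pass_id}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def get_pass_checked(session_user, pass_id, token):
    """Return the record only when the caller has a session, the link token
    matches this user and id, and the record belongs to the caller.
    Every failure returns None, so responses do not reveal which ids exist."""
    if session_user is None:
        return None
    expected = issue_link_token(session_user, pass_id)
    if not hmac.compare_digest(expected.encode(), (token or "").encode()):
        return None
    record = PASSES.get(pass_id)
    if record is None or record["owner"] != session_user:
        return None
    return record
```

The ownership comparison is the control that closes the IDOR; the token is a second layer that keeps a copied or edited link from being accepted in another session.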

Stubley told The Register this flaw could be exploited both on websites and in applications for airlines that use Amadeus technology to manage their reservations and boarding passes, which is about half of the world's major airlines.

"Originally, this had been discovered when using the mobile application of an airline for registration," said the CEO. "Once you have the URL, you can access directly without having to use the website or the mobile application."


The bug was reported privately to Amadeus and corrected before public disclosure. Airlines and their customers are already protected. Still, this disclosure is hardly an enthusiastic endorsement for Amadeus following the company's previous news-making gaffes.

The possibility of obtaining a boarding pass would, at best, be a potential disclosure of personal information, as a snoop could see information such as dates and times of flights and possibly use them to collect other information.

More seriously, the downloaded boarding passes would be valid, i.e. a scumbag who printed one, arrived before the actual customer and was able to pass security could use it to get into restricted areas or onto a flight.

"It should be noted that additional security checks may limit the successful use of a boarding card already used to access the airside," said Stubley. "However, these controls are not deployed uniformly at all airports."

Amadeus sent us the following statement:

"Amadeus recently became aware of a configuration issue affecting its Altéa Self Service registration solution. Our security teams have taken immediate action and the vulnerability is now corrected. We are not aware of any additional unauthorized access resulting from the vulnerability, beyond the security researcher's activity. We regret the inconvenience this could cause to our customers." ®
