Flight Booking System Exposes Boarding Pass Details
An Insecure Direct Object Reference (IDOR) flaw in the Amadeus flight booking system is compromising travellers’ privacy by exposing their boarding pass details. IDOR occurs when an application provides direct access to objects based on user-supplied input, bypassing expected authentication and user access controls. The flaw in Amadeus’ ticketing system resides in the check-in URL: by changing the customer’s ID number in the URL, an attacker can view another user’s boarding pass. Amadeus, whose ticketing system is used by 141 international airlines, has already issued a patch for the bug to prevent possible abuse.
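The flaw class described above comes down to a server-side lookup that trusts the ID in the URL without checking who is asking. The Python below is an added example, not Amadeus' code (which the article does not show): it places a lookup with that defect beside one that binds the record to the authenticated session. The URL, the `id` parameter, the record layout and all function names are assumptions, and the data is constructed.

```python
from urllib.parse import urlparse, parse_qs

# Constructed sample data: boarding passes keyed by customer ID (hypothetical schema).
BOARDING_PASSES = {
    "1001": {"owner": "alice", "name": "A. Tan", "flight": "XX123", "seat": "12A"},
    "1002": {"owner": "bob", "name": "B. Lim", "flight": "XX456", "seat": "3C"},
}


class AccessDenied(Exception):
    """Raised when the requester is not entitled to the requested object."""


def customer_id_from_url(url):
    """Extract the user-supplied customer ID (hypothetical 'id' query parameter)."""
    values = parse_qs(urlparse(url).query).get("id", [])
    if len(values) != 1 or not values[0].isdigit():
        raise ValueError("missing or malformed customer ID")
    return values[0]


def boarding_pass_vulnerable(url, session_user):
    """IDOR: the record is chosen by the URL value alone; session_user is never consulted."""
    return BOARDING_PASSES.get(customer_id_from_url(url))


def boarding_pass_checked(url, session_user):
    """Hardened: return the record only if it belongs to the authenticated session."""
    record = BOARDING_PASSES.get(customer_id_from_url(url))
    # One error for "not found" and "not yours", so responses do not confirm which IDs exist.
    if record is None or record["owner"] != session_user:
        raise AccessDenied("boarding pass not available for this session")
    return record
```

The same ownership check belongs on every endpoint that takes an object identifier from the client, and a spike in `AccessDenied` results for one session is a useful signal to alert on.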