Transport

Flaw in E-Ticketing System Exposes Passenger Details

13 - 20 August 2019

A security flaw in British Airways e-ticketing system could expose passenger data
Cyber_News_Transport

A security flaw in British Airways e-ticketing system could expose passenger data, including their flight details and personal information. The flaw resides in the flight check-in links that British Airways sends to its passengers. The link URL parameters contain the passenger’s booking reference and surname, which are sent over the network unencrypted. The check-in link, which can be intercepted by an attacker in the same network, provides automatic access to the passenger account, exposing information such as itineraries and flight details. The flaw has since been fixed after responsible disclosure in July 2019.

 

References:

British Airways Sending Vulnerable Check-in Links

More Weekly Cyber Newsanalysis and insights

Ensign Consulting

Enhancing your security posture, developing your cyber strategy, and designing your incident response plans.​

Ensign Systems Integration

Architecting and implementing cybersecurity solutions that bolster defences

Ensign Managed Security Services

Managing your security operations for advanced threat detection, continuous monitoring, and triage services

Ensign Labs

Performing deep research to analyse vulnerabilities, deploy advanced threat hunting and provide cyber threat intelligence