Millions of airline customers possibly affected by OAuth security flaw




  • A travel service, integrated into many airline service providers, carried a security flaw
  • This could be abused to log into people’s accounts and change their bookings
  • It has since been reported and mitigated

A “popular, top-tier” travel service for hotel and car rentals was vulnerable to a flaw which allowed malicious actors to take over anyone’s account, a new report from API security firm Salt Labs has claimed.

By abusing the flaw, they would be able to book hotel rooms, rent cars, and modify any booking information, easily. To make matters worse, since the service is integrated into “dozens” of commercial airline online services, it would also allow miscreants to spend airline loyalty points, and more.



Source link

Leave a Reply

Your email address will not be published. Required fields are marked *