Subj : Millions of airline customers possibly affected by OAuth security
To : All
From : TechnologyDaily
Date : Wed Jan 29 2025 16:30:07

Millions of airline customers possibly affected by OAuth security flaw

Date: Wed, 29 Jan 2025 16:03:00 +0000
Description: The bug has since been mitigated, but users should still take care.

FULL STORY
======================================================================

- A travel service, integrated into many airline service providers, carried a security flaw
- This could be abused to log into people's accounts and change their bookings
- It has since been reported and mitigated

A popular, top-tier travel service for hotel and car rentals was vulnerable to a flaw which allowed malicious actors to take over anyone's account, a new report from API security firm Salt Labs has claimed.

By abusing the flaw, they would be able to book hotel rooms, rent cars, and modify any booking information with ease. To make matters worse, since the service is integrated into dozens of commercial airline online services, it would also allow miscreants to spend airline loyalty points, and more.

Salt Labs said millions of people could be at risk, but that it did not want to name the affected service.

Stealing session cookies

Here is how a theoretical attack would work: a malicious actor would create a custom-tailored link and share it with the victim via the usual channels (for example, email). The victim would click on the link, leading to the rental service provider, which would ask them to log in with the credentials associated with the airline service provider. At that point, the rental platform generates a second link and sends the victim back to the airline's website to log in using OAuth.

OAuth (Open Authorization) is an open standard for secure access delegation, allowing applications to access a user's data on another service without exposing their credentials.
Because of the custom-built link, the authentication response is returned to the attackers, including the user's session token, which grants them access to the platform.

"Since the manipulated link uses a legitimate customer domain (with manipulation occurring only at the parameter level rather than the domain level), this makes the attack difficult to detect through standard domain inspection or blocklist/allowlist methods," the researchers said in their write-up.

Salt Labs disclosed its findings to the affected service, which confirmed the flaw and deployed a fix.

======================================================================
Link to news story: https://www.techradar.com/pro/security/millions-of-airline-customers-possibly-affected-by-oauth-security-flaw

--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)
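The researchers' point above is that a manipulated link can keep the legitimate domain and alter only a parameter, so a host-level allowlist does not catch it. The Python below is an added example, not code from Salt Labs, the affected service or the article: it contrasts a host-only check with exact-match validation of the whole redirect URI (scheme, host, port and path, with no query, fragment or userinfo tolerated), and runs both over a few constructed authorization-log lines to flag requests where the host looks right but the full target does not match a registered URI. All hostnames, the log lines and the log format are constructed for this example.

```python
from urllib.parse import urlsplit

# Constructed allowlist of the exact redirect URIs a client registered with the
# authorization server (hypothetical hosts, not from the report).
ALLOWED_REDIRECT_URIS = {
    "https://rentals.example/oauth/callback",
}
ALLOWED_HOSTS = {urlsplit(u).hostname for u in ALLOWED_REDIRECT_URIS}


def domain_only_check(redirect_uri: str) -> bool:
    """Host-level inspection only: accepts any URI whose host is registered.

    This is the kind of check the write-up says a parameter-level
    manipulation slips past, because the host really is the legitimate one.
    """
    try:
        return urlsplit(redirect_uri).hostname in ALLOWED_HOSTS
    except ValueError:
        return False


def strict_redirect_check(redirect_uri: str) -> bool:
    """Exact-match validation of the whole redirect target.

    Scheme, host, port and path must equal a registered URI, and no query
    string, fragment or userinfo is tolerated, so a link that keeps the real
    domain but smuggles an extra parameter or fragment is rejected.
    """
    try:
        p = urlsplit(redirect_uri)
        port = p.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if p.scheme != "https" or p.hostname is None:
        return False
    if p.query or p.fragment or p.username or p.password:
        return False
    canonical = f"{p.scheme}://{p.hostname}{':' + str(port) if port else ''}{p.path}"
    return canonical in ALLOWED_REDIRECT_URIS


def audit_authorize_log(lines):
    """Flag authorize requests whose redirect_uri passes the host-only check
    but fails strict validation. Returns a list of (timestamp, redirect_uri).

    Expects constructed lines of the form
    '<timestamp> authorize client_id=<id> redirect_uri=<uri>' (hypothetical format).
    """
    flagged = []
    for line in lines:
        fields = line.split()
        if len(fields) < 2 or fields[1] != "authorize":
            continue
        kv = dict(f.split("=", 1) for f in fields[2:] if "=" in f)
        uri = kv.get("redirect_uri")
        if uri and domain_only_check(uri) and not strict_redirect_check(uri):
            flagged.append((fields[0], uri))
    return flagged


# Constructed sample log lines. The second line changes the host (a domain
# check catches it); the third and fourth keep the legitimate host and alter
# only a query parameter or fragment, which only the strict check rejects.
SAMPLE_LOG = [
    "2025-01-29T16:03:00Z authorize client_id=rentals redirect_uri=https://rentals.example/oauth/callback",
    "2025-01-29T16:03:05Z authorize client_id=rentals redirect_uri=https://rentals.example.attacker.example/oauth/callback",
    "2025-01-29T16:03:09Z authorize client_id=rentals redirect_uri=https://rentals.example/oauth/callback?next=https://attacker.example/collect",
    "2025-01-29T16:03:12Z authorize client_id=rentals redirect_uri=https://rentals.example/oauth/callback#https://attacker.example",
    "2025-01-29T16:03:20Z token client_id=rentals grant_type=authorization_code",
]

if __name__ == "__main__":
    for ts, uri in audit_authorize_log(SAMPLE_LOG):
        print(f"{ts} suspicious redirect_uri (host ok, exact match failed): {uri}")
```

The design choice worth noting is that the strict check compares the canonical form of the entire URI against a registered string rather than reasoning about which parameters are "safe"; any deviation, including a trailing fragment that never reaches the server, is grounds for rejection, and the audit function gives a defender a way to find the requests that a host-level allowlist would have waved through.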