Cybersecurity researchers revealed a critical vulnerability in a widely used online travel service for hotel and car rentals, which allowed attackers to take over user accounts. The flaw, now patched, could let hackers interact with users' accounts to book services using their airline loyalty points, modify bookings, or perform other unauthorized actions. Exploitation involved sending malicious links, and the vulnerability could potentially impact millions of airline users due to its integration with various commercial airline services.
"By exploiting this flaw, attackers can gain unauthorized access to any user's account within the system, effectively allowing them to impersonate the victim and perform an array of actions on their behalf..."
"The shortcoming can be weaponized trivially by sending a specially crafted link that can be propagated via standard distribution channels..."