Advertisement
CISA Breaks Silence on Controversial Airport Security Bypass
Researchers and the TSA have different views on the impact of vulnerabilities in an airport security application that could allegedly allow the bypass of certain airport security systems.
Menu
Front Page Breaking News Comments Flagged Comments Recently Flagged User Blogs Write a Blog Entry Create a Poll Edit Account Weekly Digest Stats Page RSS Feed Back Page
Subscriptions
Read the Retort using RSS.
RSS Feed
Author Info
lamplighter
Joined 2013/04/13Visited 2024/10/23
Status: user
MORE STORIES
Trump Wanted Generals Like Hitler's (12 comments) ...
Microsoft says RU smearing Harris with deepfake video, AI (4 comments) ...
This Is Why You Don't Recognize Your State Government (2 comments) ...
NYC Is Paying for Migrants to Leave, TX Is Top Destination (3 comments) ...
A Calculator's Most Important Button Has Been Removed (7 comments) ...
Alternate links: Google News | Twitter
Admin's note: Participants in this discussion must follow the site's moderation policy. Profanity will be filtered. Abusive conduct is not allowed.
More from the article...
... In late August, researchers Ian Carroll and Sam Curry disclosed the details of an SQL injection vulnerability that could allegedly allow threat actors to bypass certain airport security systems. The security hole was discovered in FlyCASS, a third-party service for airlines participating in the Cockpit Access Security System (CASS) and Known Crewmember (KCM) programs. KCM is a program that enables Transportation Security Administration (TSA) security officers to verify the identity and employment status of crewmembers, allowing pilots and flight attendants to bypass security screening. CASS allows airline gate agents to quickly determine whether a pilot is authorized for an aircraft's cockpit jumpseat, which is an extra seat in the cockpit that can be used by pilots who are commuting or traveling. FlyCASS is a web-based CASS and KCM application for smaller airlines. Carroll and Curry discovered an SQL injection vulnerability in FlyCASS that gave them administrator access to the account of a participating airline. According to the researchers, with this access, they were able to manage the list of pilots and flight attendants associated with the targeted airline. They added a new employee' to the database to verify their findings. ...
The security hole was discovered in FlyCASS, a third-party service for airlines participating in the Cockpit Access Security System (CASS) and Known Crewmember (KCM) programs.
KCM is a program that enables Transportation Security Administration (TSA) security officers to verify the identity and employment status of crewmembers, allowing pilots and flight attendants to bypass security screening. CASS allows airline gate agents to quickly determine whether a pilot is authorized for an aircraft's cockpit jumpseat, which is an extra seat in the cockpit that can be used by pilots who are commuting or traveling. FlyCASS is a web-based CASS and KCM application for smaller airlines.
Carroll and Curry discovered an SQL injection vulnerability in FlyCASS that gave them administrator access to the account of a participating airline.
According to the researchers, with this access, they were able to manage the list of pilots and flight attendants associated with the targeted airline. They added a new employee' to the database to verify their findings. ...
#1 | Posted by LampLighter at 2024-09-08 04:41 PM | Reply
Post a commentComments are closed for this entry.Home | Breaking News | Comments | User Blogs | Stats | Back Page | RSS Feed | RSS Spec | DMCA Compliance | Privacy | Copyright 2024 World Readable
Comments are closed for this entry.
Home | Breaking News | Comments | User Blogs | Stats | Back Page | RSS Feed | RSS Spec | DMCA Compliance | Privacy | Copyright 2024 World Readable
