
Drudge Retort: The Other Side of the News
Sunday, September 08, 2024

Researchers and the TSA have different views on the impact of vulnerabilities in an airport security application that could allegedly allow the bypass of certain airport security systems.

Comments

Admin's note: Participants in this discussion must follow the site's moderation policy. Profanity will be filtered. Abusive conduct is not allowed.

More from the article...

... In late August, researchers Ian Carroll and Sam Curry disclosed the details of an SQL injection vulnerability that could allegedly allow threat actors to bypass certain airport security systems.

The security hole was discovered in FlyCASS, a third-party service for airlines participating in the Cockpit Access Security System (CASS) and Known Crewmember (KCM) programs.

KCM is a program that enables Transportation Security Administration (TSA) security officers to verify the identity and employment status of crewmembers, allowing pilots and flight attendants to bypass security screening. CASS allows airline gate agents to quickly determine whether a pilot is authorized for an aircraft's cockpit jumpseat, which is an extra seat in the cockpit that can be used by pilots who are commuting or traveling. FlyCASS is a web-based CASS and KCM application for smaller airlines.

Carroll and Curry discovered an SQL injection vulnerability in FlyCASS that gave them administrator access to the account of a participating airline.

According to the researchers, with this access, they were able to manage the list of pilots and flight attendants associated with the targeted airline. They added a new employee to the database to verify their findings. ...



#1 | Posted by LampLighter at 2024-09-08 04:41 PM | Reply

Comments are closed for this entry.
