Summary: A recently identified and patched vulnerability in a popular online travel service could have allowed attackers to take control of user accounts, potentially jeopardizing millions of airline customers. The flaw enabled unauthorized actions through compromised accounts, including booking or canceling reservations. The issue underscores significant security risks in third-party integrations within the travel industry.
Affected: Popular online travel service for hotel and car rentals
Keypoints:
- Attackers could exploit a flaw to gain unauthorized access to user accounts.
- Users can be redirected to a fraudulent site via manipulated authentication parameters.
- The vulnerability emphasizes the need for improved security protocols in service-to-service interactions.
Source: https://thehackernews.com/2025/01/oauth-redirect-flaw-in-airline-travel.html
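
A defensive check for the redirect issue in the keypoints, as an added example that is not taken from the article or from the affected service: the redirect target supplied in an authentication request is honoured only if it exactly matches a pre-registered callback. The hostnames, the allowlist and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist: hypothetical partner callbacks registered in advance.
REGISTERED_CALLBACKS = [
    "https://rentals.example.com/auth/callback",
    "https://airline.example.net/sso/return",
]
SAFE_DEFAULT = REGISTERED_CALLBACKS[0]


def _key(url):
    """Return a comparable (scheme, host, port, path, query) tuple, or None
    when the URL contains anything a strict comparison should not tolerate."""
    if not isinstance(url, str) or any(c in url for c in "\\\r\n\t "):
        return None  # backslashes and whitespace are parsed inconsistently
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme != "https" or not parts.hostname:
        return None  # no http://, no scheme-relative //host, no relative paths
    if parts.username is not None or parts.password is not None:
        return None  # blocks https://trusted-host@other-host/ confusion
    if parts.fragment:
        return None
    return (parts.scheme, parts.hostname, port or 443, parts.path, parts.query)


_ALLOWED = {_key(u) for u in REGISTERED_CALLBACKS}


def is_registered_callback(url):
    """True only for an exact match; no prefix, suffix or subdomain matching."""
    key = _key(url)
    return key is not None and key in _ALLOWED


def resolve_redirect(requested):
    """Return the requested target if registered, otherwise a fixed default."""
    return requested if is_registered_callback(requested) else SAFE_DEFAULT
```

Comparing parsed components rather than using prefix or substring checks is what rejects look-alike hosts, userinfo tricks and path traversal in the supplied parameter.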