A recent security vulnerability in an online travel service utilized by several major commercial airline platforms has raised concerns about the safety of user accounts. The flaw, known as an OAuth redirect vulnerability, has the potential to be exploited by malicious actors to hijack user accounts, putting millions of online airline users at risk. This vulnerability allows attackers to impersonate victims and make unauthorized bookings, potentially using the victim’s loyalty points to book hotels or car rentals. The issue arises when a user logs in through an airline service, which then redirects to a travel service for authentication.
This particular vulnerability is concerning due to its ease of exploitation. Attackers can simply send a specially crafted link that users may unwittingly click on, granting the attacker immediate access to their account once the login process is completed. The vulnerability lies in the redirect flow between the airline service and the hotel and car rental platform, where the victim’s session token can be manipulated to be sent to a malicious site controlled by the attacker.
The severity of this flaw is highlighted by the potential risk it poses to users’ personal information and accounts. Because the manipulation occurs at the parameter level rather than the domain level, the attack is difficult to detect. By using a legitimate customer domain in their attack, attackers can evade detection through standard domain inspection or blocklisting techniques. This subtlety makes the flaw particularly dangerous, as it can bypass traditional security measures like blocklists or allowlists, making it challenging for users and security systems to identify malicious activity.
The vulnerability was discovered by API security firm Salt Labs, which has stressed the increasing threat of service-to-service interactions being targeted in API supply chain attacks. These types of attacks exploit vulnerabilities in third-party integrations to breach systems and access sensitive customer data. Salt Labs has emphasized the importance of enhancing security measures, especially in services involving third-party integrations, to prevent unauthorized account access and mitigate the potential risks associated with vulnerabilities like the OAuth redirect vulnerability.
In conclusion, the disclosure of this security vulnerability in an online travel service used by commercial airline platforms highlights the need for heightened security measures to protect user accounts and personal information. The potential for attackers to exploit this flaw and compromise user accounts underscores the importance of ongoing vigilance and robust security protocols to safeguard against such threats in the ever-evolving cybersecurity landscape.