The well-known security researchers Ian Carroll and Sam Curry have uncovered serious vulnerabilities in FlyCASS, a web-based management system that smaller airlines use to manage the Known Crewmember (KCM) program and the Access Security System (CASS).
The KCM program allows authorized flight personnel to bypass regular security checks at airports, while CASS regulates access to the cockpit of aircraft. The vulnerability discovered by the researchers allows hackers to log in as administrators through a so-called SQL injection attack, whereby any person can be added as a KCM or registered in CASS. In practice, this could allow unauthorized persons to bypass security checks and even get into the cockpit of an aircraft. FlyCASS is mainly used by US airlines. It is unclear whether European airlines are also affected.
Following their alarming discovery, Carroll and Curry informed the US Department of Homeland Security (DHS). This was on April 24, 2024, and a day later the Department confirmed that it was looking for a solution. FlyCASS was shut down on July 5, 2024, meaning the vulnerability persisted for more than two months after the DHS was notified.