DeFi Daily News
Sunday, October 19, 2025
Advertisement
  • Cryptocurrency
    • Bitcoin
    • Ethereum
    • Altcoins
    • DeFi-IRA
  • DeFi
    • NFT
    • Metaverse
    • Web 3
  • Finance
    • Business Finance
    • Personal Finance
  • Markets
    • Crypto Market
    • Stock Market
    • Analysis
  • Other News
    • World & US
    • Politics
    • Entertainment
    • Tech
    • Sports
    • Health
  • Videos
No Result
View All Result
DeFi Daily News
  • Cryptocurrency
    • Bitcoin
    • Ethereum
    • Altcoins
    • DeFi-IRA
  • DeFi
    • NFT
    • Metaverse
    • Web 3
  • Finance
    • Business Finance
    • Personal Finance
  • Markets
    • Crypto Market
    • Stock Market
    • Analysis
  • Other News
    • World & US
    • Politics
    • Entertainment
    • Tech
    • Sports
    • Health
  • Videos
No Result
View All Result
DeFi Daily News
No Result
View All Result
Home Other News Tech

Researchers discover bug allowing fake pilots to be added to TSA check rosters

Wes Davis by Wes Davis
September 8, 2024
in Tech
0 0
0
Researchers discover bug allowing fake pilots to be added to TSA check rosters
0
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on Telegram
Listen to this article

A pair of security researchers, Ian Carroll and Sam Curry, made a startling discovery regarding a vulnerability in the login systems used by the Transportation Security Administration (TSA) to verify airline crew members at airport security checkpoints. This bug allowed individuals with basic knowledge of SQL injection to manipulate the systems, potentially granting unauthorized access to airline rosters and security checkpoints, posing a serious threat to airline safety and security.

Carroll and Curry uncovered the vulnerability while investigating a third-party website belonging to FlyCASS, a vendor that provides access to the TSA’s Known Crewmember (KCM) and Cockpit Access Security System (CASS) for smaller airlines. By inserting a simple apostrophe into the username field, they triggered a MySQL error, indicating that the username was directly inserted into the login SQL query, making it susceptible to SQL injection attacks.

Upon further investigation, Carroll and Curry confirmed the presence of SQL injection and were able to exploit the vulnerability using tools like sqlmap. By inputting specific credentials, they managed to gain administrator access to the FlyCASS system, granting them unrestricted control over airline crew records and photos.

Once inside the system, Carroll noted that there were no additional security checks or authentication measures in place, allowing them to freely manipulate crew records and photos for any airline using FlyCASS. This posed a grave security risk, as unauthorized individuals could potentially exploit the vulnerability to gain access to secure airport areas, compromising airline safety protocols.

In response to these findings, TSA press secretary R. Carter Langston denied the severity of the issue, stating that the agency does not solely rely on the compromised database for flight crew authentication. Langston reassured the public that only verified crew members are granted access to secure airport areas, downplaying the potential risks associated with the vulnerability.

<DeFi Daily News> is your go-to source for the latest updates and trending news articles in the world of decentralized finance. Stay informed and stay ahead of the curve with DeFi Daily News!

In conclusion, the discovery of this vulnerability in the TSA’s login systems highlights the critical importance of robust cybersecurity measures in aviation and transportation industries. The ease with which Carroll and Curry were able to exploit the system underscores the need for continuous vigilance and proactive security protocols to safeguard sensitive data and infrastructure from potential threats. While the TSA’s response may downplay the severity of the issue, it serves as a stark reminder of the ever-evolving nature of cyber threats and the constant need for organizations to prioritize cybersecurity practices and risk mitigation strategies. By staying informed and adopting best practices in cybersecurity, we can help mitigate the risks posed by vulnerabilities like the one uncovered by Carroll and Curry, ensuring the safety and security of critical systems and services.



Source link

Tags: AddedAllowingbugCheckDiscoverFakepilotsResearchersrostersTSA
ShareTweetShare
Previous Post

#1 Secret To True Wealth [BitBoy Crypto Sunday Sermon]

Next Post

Experts Predict Legal Challenges for Meme Coin Takeover Teams – Decrypt

Next Post
Experts Predict Legal Challenges for Meme Coin Takeover Teams – Decrypt

Experts Predict Legal Challenges for Meme Coin Takeover Teams - Decrypt

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Search

No Result
View All Result
  • Trending
  • Comments
  • Latest
Why Outlet Malls Are Struggling In The U.S.

Why Outlet Malls Are Struggling In The U.S.

July 16, 2024
rewrite this title Berkshire Hathaway to buy Occidental’s OxyChem for .7 billion, in Buffett’s biggest deal in three years

rewrite this title Berkshire Hathaway to buy Occidental’s OxyChem for $9.7 billion, in Buffett’s biggest deal in three years

October 2, 2025
Live Coverage of Triathlon Decision at Olympics 2024 as Beth Potter and Alex Yee Compete for Gold

Live Coverage of Triathlon Decision at Olympics 2024 as Beth Potter and Alex Yee Compete for Gold

July 31, 2024
rewrite this title Während BlackRock Geldanlagen tokenisiert, wird PepeNode das Mining revolutionieren! | Bitcoinist.com

rewrite this title Während BlackRock Geldanlagen tokenisiert, wird PepeNode das Mining revolutionieren! | Bitcoinist.com

October 14, 2025
Use rhino.fi to make payments with cryptocurrency and maintain your anonymity

Use rhino.fi to make payments with cryptocurrency and maintain your anonymity

August 14, 2024
TopStep Discount Code

TopStep Discount Code

September 17, 2024
rewrite this title The Police of the Future on the Roads: Autonomous Police Vehicle with Drone Capability

rewrite this title The Police of the Future on the Roads: Autonomous Police Vehicle with Drone Capability

October 19, 2025
rewrite this title Stubborn Titans keeping team from necessary full rebuild

rewrite this title Stubborn Titans keeping team from necessary full rebuild

October 19, 2025
rewrite this title 40 Days Of Deadlock: US Shutdown Risks ETF Delay Amid Soaring Demand

rewrite this title 40 Days Of Deadlock: US Shutdown Risks ETF Delay Amid Soaring Demand

October 18, 2025
rewrite this title 6M In Sell Pressure: Why Bitcoin And Ethereum Prices Crashed

rewrite this title $536M In Sell Pressure: Why Bitcoin And Ethereum Prices Crashed

October 18, 2025
rewrite this title Messi’s hat trick all but clinches MLS Golden Boot

rewrite this title Messi’s hat trick all but clinches MLS Golden Boot

October 18, 2025
rewrite this title Grayscale calls Solana ‘crypto’s financial bazaar’: Does the data back it up?

rewrite this title Grayscale calls Solana ‘crypto’s financial bazaar’: Does the data back it up?

October 18, 2025
DeFi Daily

Stay updated with DeFi Daily, your trusted source for the latest news, insights, and analysis in finance and cryptocurrency. Explore breaking news, expert analysis, market data, and educational resources to navigate the world of decentralized finance.

  • About Us
  • Blogs
  • DeFi-IRA | Learn More.
  • Advertise with Us
  • Disclaimer
  • Privacy Policy
  • DMCA
  • Cookie Privacy Policy
  • Terms and Conditions
  • Contact us

Copyright © 2024 Defi Daily.
Defi Daily is not responsible for the content of external sites.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
No Result
View All Result
  • Cryptocurrency
    • Bitcoin
    • Ethereum
    • Altcoins
    • DeFi-IRA
  • DeFi
    • NFT
    • Metaverse
    • Web 3
  • Finance
    • Business Finance
    • Personal Finance
  • Markets
    • Crypto Market
    • Stock Market
    • Analysis
  • Other News
    • World & US
    • Politics
    • Entertainment
    • Tech
    • Sports
    • Health
  • Videos

Copyright © 2024 Defi Daily.
Defi Daily is not responsible for the content of external sites.