DeFi Daily News
Tuesday, October 21, 2025
Advertisement
  • Cryptocurrency
    • Bitcoin
    • Ethereum
    • Altcoins
    • DeFi-IRA
  • DeFi
    • NFT
    • Metaverse
    • Web 3
  • Finance
    • Business Finance
    • Personal Finance
  • Markets
    • Crypto Market
    • Stock Market
    • Analysis
  • Other News
    • World & US
    • Politics
    • Entertainment
    • Tech
    • Sports
    • Health
  • Videos
No Result
View All Result
DeFi Daily News
  • Cryptocurrency
    • Bitcoin
    • Ethereum
    • Altcoins
    • DeFi-IRA
  • DeFi
    • NFT
    • Metaverse
    • Web 3
  • Finance
    • Business Finance
    • Personal Finance
  • Markets
    • Crypto Market
    • Stock Market
    • Analysis
  • Other News
    • World & US
    • Politics
    • Entertainment
    • Tech
    • Sports
    • Health
  • Videos
No Result
View All Result
DeFi Daily News
No Result
View All Result
Home Other News Tech

Researchers discover bug allowing fake pilots to be added to TSA check rosters

Wes Davis by Wes Davis
September 8, 2024
in Tech
0 0
0
Researchers discover bug allowing fake pilots to be added to TSA check rosters
0
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on Telegram
Listen to this article

A pair of security researchers, Ian Carroll and Sam Curry, made a startling discovery regarding a vulnerability in the login systems used by the Transportation Security Administration (TSA) to verify airline crew members at airport security checkpoints. This bug allowed individuals with basic knowledge of SQL injection to manipulate the systems, potentially granting unauthorized access to airline rosters and security checkpoints, posing a serious threat to airline safety and security.

Carroll and Curry uncovered the vulnerability while investigating a third-party website belonging to FlyCASS, a vendor that provides access to the TSA’s Known Crewmember (KCM) and Cockpit Access Security System (CASS) for smaller airlines. By inserting a simple apostrophe into the username field, they triggered a MySQL error, indicating that the username was directly inserted into the login SQL query, making it susceptible to SQL injection attacks.

Upon further investigation, Carroll and Curry confirmed the presence of SQL injection and were able to exploit the vulnerability using tools like sqlmap. By inputting specific credentials, they managed to gain administrator access to the FlyCASS system, granting them unrestricted control over airline crew records and photos.

Once inside the system, Carroll noted that there were no additional security checks or authentication measures in place, allowing them to freely manipulate crew records and photos for any airline using FlyCASS. This posed a grave security risk, as unauthorized individuals could potentially exploit the vulnerability to gain access to secure airport areas, compromising airline safety protocols.

In response to these findings, TSA press secretary R. Carter Langston denied the severity of the issue, stating that the agency does not solely rely on the compromised database for flight crew authentication. Langston reassured the public that only verified crew members are granted access to secure airport areas, downplaying the potential risks associated with the vulnerability.

<DeFi Daily News> is your go-to source for the latest updates and trending news articles in the world of decentralized finance. Stay informed and stay ahead of the curve with DeFi Daily News!

In conclusion, the discovery of this vulnerability in the TSA’s login systems highlights the critical importance of robust cybersecurity measures in aviation and transportation industries. The ease with which Carroll and Curry were able to exploit the system underscores the need for continuous vigilance and proactive security protocols to safeguard sensitive data and infrastructure from potential threats. While the TSA’s response may downplay the severity of the issue, it serves as a stark reminder of the ever-evolving nature of cyber threats and the constant need for organizations to prioritize cybersecurity practices and risk mitigation strategies. By staying informed and adopting best practices in cybersecurity, we can help mitigate the risks posed by vulnerabilities like the one uncovered by Carroll and Curry, ensuring the safety and security of critical systems and services.



Source link

Tags: AddedAllowingbugCheckDiscoverFakepilotsResearchersrostersTSA
ShareTweetShare
Previous Post

#1 Secret To True Wealth [BitBoy Crypto Sunday Sermon]

Next Post

Experts Predict Legal Challenges for Meme Coin Takeover Teams – Decrypt

Next Post
Experts Predict Legal Challenges for Meme Coin Takeover Teams – Decrypt

Experts Predict Legal Challenges for Meme Coin Takeover Teams - Decrypt

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Search

No Result
View All Result
  • Trending
  • Comments
  • Latest
Why Outlet Malls Are Struggling In The U.S.

Why Outlet Malls Are Struggling In The U.S.

July 16, 2024
rewrite this title Repair from Millions of Kilometers Away: How NASA Keeps the Mars Rovers Alive

rewrite this title Repair from Millions of Kilometers Away: How NASA Keeps the Mars Rovers Alive

September 29, 2025
Live Coverage of Triathlon Decision at Olympics 2024 as Beth Potter and Alex Yee Compete for Gold

Live Coverage of Triathlon Decision at Olympics 2024 as Beth Potter and Alex Yee Compete for Gold

July 31, 2024
rewrite this title Berkshire Hathaway to buy Occidental’s OxyChem for .7 billion, in Buffett’s biggest deal in three years

rewrite this title Berkshire Hathaway to buy Occidental’s OxyChem for $9.7 billion, in Buffett’s biggest deal in three years

October 2, 2025
Use rhino.fi to make payments with cryptocurrency and maintain your anonymity

Use rhino.fi to make payments with cryptocurrency and maintain your anonymity

August 14, 2024
rewrite this title Während BlackRock Geldanlagen tokenisiert, wird PepeNode das Mining revolutionieren! | Bitcoinist.com

rewrite this title Während BlackRock Geldanlagen tokenisiert, wird PepeNode das Mining revolutionieren! | Bitcoinist.com

October 14, 2025
rewrite this title Episode 231. “Our 0k in crypto is gone. Now we live with his mom.” – I Will Teach You To Be Rich

rewrite this title Episode 231. “Our $200k in crypto is gone. Now we live with his mom.” – I Will Teach You To Be Rich

October 21, 2025
rewrite this title West Ham, ‘we have a problem,’ Nuno says of loss

rewrite this title West Ham, ‘we have a problem,’ Nuno says of loss

October 21, 2025
rewrite this title and make it good for SEOChaman border crossing partially reopens after Pak-Afghan ceasefire

rewrite this title and make it good for SEOChaman border crossing partially reopens after Pak-Afghan ceasefire

October 21, 2025
rewrite this title Coinbase Tells US Treasury Old AML Rules Are ‘Broken,’ Pushes Tech Fixes for Crypto Crime – Decrypt

rewrite this title Coinbase Tells US Treasury Old AML Rules Are ‘Broken,’ Pushes Tech Fixes for Crypto Crime – Decrypt

October 21, 2025
rewrite this title Ace Hood Reveals His Intense Transformation Through Discipline And Sacrifice | Celebrity Insider

rewrite this title Ace Hood Reveals His Intense Transformation Through Discipline And Sacrifice | Celebrity Insider

October 21, 2025
rewrite this title with good SEO South Korea To Prohibit Stablecoin Interest Payments: Report

rewrite this title with good SEO South Korea To Prohibit Stablecoin Interest Payments: Report

October 21, 2025
DeFi Daily

Stay updated with DeFi Daily, your trusted source for the latest news, insights, and analysis in finance and cryptocurrency. Explore breaking news, expert analysis, market data, and educational resources to navigate the world of decentralized finance.

  • About Us
  • Blogs
  • DeFi-IRA | Learn More.
  • Advertise with Us
  • Disclaimer
  • Privacy Policy
  • DMCA
  • Cookie Privacy Policy
  • Terms and Conditions
  • Contact us

Copyright © 2024 Defi Daily.
Defi Daily is not responsible for the content of external sites.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
No Result
View All Result
  • Cryptocurrency
    • Bitcoin
    • Ethereum
    • Altcoins
    • DeFi-IRA
  • DeFi
    • NFT
    • Metaverse
    • Web 3
  • Finance
    • Business Finance
    • Personal Finance
  • Markets
    • Crypto Market
    • Stock Market
    • Analysis
  • Other News
    • World & US
    • Politics
    • Entertainment
    • Tech
    • Sports
    • Health
  • Videos

Copyright © 2024 Defi Daily.
Defi Daily is not responsible for the content of external sites.