"Researchers Find SQL Injection to Bypass Airport TSA Security Checks"

Security researchers Ian Carroll and Sam Curry discovered a vulnerability in a key air transport security system that enables unauthorized individuals to bypass airport security screenings and access aircraft cockpits. They found the vulnerability in FlyCASS, a third-party web-based service used by some airlines to manage the Known Crewmember (KCM) program and Cockpit Access Security System (CASS). The researchers found that the FlyCASS login system was vulnerable to SQL injection, which allows attackers to insert SQL statements for malicious database queries. By exploiting this flaw, attackers could log in as an administrator for a participating airline and manipulate employee data. This article continues to discuss the discovery of an SQL injection flaw that enables bypassing airport TSA security checks.

BleepingComputer reports "Researchers Find SQL Injection to Bypass Airport TSA Security Checks"

Submitted by grigby1
