Amadeus referred as one of the largest reservation systems, serving for 141 airlines including world-leading airline customers of British Airways, Air France, Icelandair, Qantas etc.
This same vulnerability was discovered include 44% of the international carriers market including United Airlines, Lufthansa, Air Canada, and many more that affects tens of millions of travelers.
This could allows anyone can edit and change someone’s ticket reservation for any Airline which is used Amadeus reservation system by just having booking reference number.
White hats at Safety Detective told us today the security flaw in Amadeus, the web-based reservation system used by nearly half of the world’s airlines, was only superficially patched after the glaring hole was privately reported by the team.
The vulnerability revolves around the way Amadeus and airlines identify travelers: each person is assigned a unique booking reference, which is a six-digit alphanumeric string that retrieves their passenger name record (PNR). This record has all their personal details and their journeys. The system is used to manage passengers and flights, and allow government security agencies check the identity of travelers for known baddies.