An airport's boarding gate displays leaked information that could have allowed attackers to gain access to passengers' bookings and their personal details.
While waiting for his flight at an airport in Europe, Candid Wueest of Symantec's security research team saw a timed-out web browser window on one of the boarding gate displays. Curious, he noted the window's IP address and tried to open it on his smartphone.
To his surprise, Wueest opened up a screen showing not just what flights were leaving that particular gate but also what flights were leaving all gates across multiple airports via a single airline.
That's not all he found, however, as Wueest explains in a blog post:"On the public-facing server there was one page that immediately caught my eye. For each gate, there was a debug page available. The page listed all database fields with information available about the next flight. One of the queried tables was for passengers on the standby list. Various information...(continued)