Where in the World Is Carmen Sandiego?
Karsten Nohl, Nemanja Nikodijevic
Airline reservation systems grew from mainframes with green-screen terminals to modern-looking XML/SOAP APIs to access those same mainframes. The systems lack central concepts of IT security, in particular good authentication and proper access control. We show how these weaknesses translate into disclosure of traveler's personal information and would allow several forms of fraud and theft, if left unfixed.