Account Takeover Vulnerability in Popular Online Travel Service

By Ravie Lakshmanan, January 28, 2025

[Image: Airline Logo]

A recently patched account takeover vulnerability has been disclosed by cybersecurity researchers, affecting a popular online travel service for hotel and car rentals. The vulnerability allows attackers to gain unauthorized access to any user’s account, enabling them to impersonate the victim and perform various actions on their behalf.

Exploiting the Vulnerability

The vulnerability can be exploited by sending a specially crafted link that can be propagated via standard distribution channels such as email, text messages, or attacker-controlled websites. Clicking on the link is enough for the threat actor to hijack control of the victim’s account as soon as the login process is complete.

How the Attack Works

The attack method devised by Salt Labs involves redirecting the authentication response from the airline site, which includes the user’s session token, to a site under the attacker’s control by manipulating a "tr_returnUrl" parameter. This allows the attacker to access the victim’s account in an unauthorized manner, including their personal information.

Impact and Risks

Successful exploitation of the vulnerability could have put millions of online airline users at risk. The attack method is difficult to detect through standard domain inspection or blocklist/allowlist methods, making it a lucrative vector for API supply chain attacks.

Security Implications

The vulnerability highlights the importance of stringent security protocols to protect users from unauthorized account access and manipulation. Salt Labs has described service-to-service interactions as a lucrative vector for API supply chain attacks, where an adversary targets the weaker link in the ecosystem to break into systems and steal private customer data.

Prevention and Mitigation

To prevent and mitigate this vulnerability, it is essential to implement robust security measures, such as:

• Regularly updating and patching software and applications
• Implementing strong authentication and authorization mechanisms
• Conducting regular security audits and vulnerability assessments
• Educating users about the risks and consequences of phishing and social engineering attacks

Stay Informed

Stay up-to-date with the latest cybersecurity news and trends by following us on Twitter and LinkedIn.