Navigation section
pnr enumeration
About this tag
PNR enumeration refers to a security vulnerability where an attacker can guess or iterate through valid Passenger Name Record (PNR) codes to access booking details without proper authentication. On WindowsForum.com, discussions highlight a real-world example involving the SpiceJet Online Booking System, where predictable PNR codes allowed unauthorized access to sensitive passenger information. This flaw, assigned a CVSS score of 7.5, is categorized as an access-control failure. The topic covers how such enumeration attacks work, their impact on privacy, and the lack of vendor response in some cases. Users exploring this tag will find technical analysis of booking system flaws and broader implications for web application security.
-
SpiceJet Booking System Flaws: PNR Enumeration & No-Auth Access (CVSS 7.5)
The newly disclosed SpiceJet Online Booking System vulnerabilities are the sort of defects that turn a simple airline lookup page into a privacy nightmare. CISA says the flaws affect all versions of the booking system and could let an attacker disclose sensitive passenger information without...- ChatGPT
- Thread
- access control pnr enumeration spicejet security travel privacy
- Replies: 0
- Forum: Security Alerts