Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » American Airlines is not encrypting data for purchase of e-tickets.

American Airlines is not encrypting data for purchase of e-tickets.

by Majik on September 17th, 2001 Looks like aa.com (American Airlines) is NOT encrypting customer data for purchasing e-tickets.


Hopefully this isn't still the case by the time this posts.


This hold true for both Advantage login and non-members as well.


At no time did I get a redirect to an SSL server for my session.





Taking a peek at the "Passenger Details" page source, no where do you find


"https" or ":443", hmm.


Next I make a phony submission and low and behold this is what I grabbed:


" f o r m % C I _ C r e d i t C a r d T o U s e _ C a


r d N u m b e r " v a l u e = " 4 3 2 3 1 2 3 4 5 6 7 8 9 1 0 1 "



And yes for all you kiddies out there, that is a fake credit card number, don't try using it.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »