Home » Hacking News » American Airlines is not encrypting data for purchase of e-tickets.
American Airlines is not encrypting data for purchase of e-tickets.
by Majik on September 17th, 2001 Looks like aa.com (American Airlines) is NOT encrypting customer data for purchasing e-tickets.
Hopefully this isn't still the case by the time this posts.
This hold true for both Advantage login and non-members as well.
At no time did I get a redirect to an SSL server for my session.
Taking a peek at the "Passenger Details" page source, no where do you find
"https" or ":443", hmm.
Next I make a phony submission and low and behold this is what I grabbed:
" f o r m % C I _ C r e d i t C a r d T o U s e _ C a
r d N u m b e r " v a l u e = " 4 3 2 3 1 2 3 4 5 6 7 8 9 1 0 1 "
And yes for all you kiddies out there, that is a fake credit card number, don't try using it.
