Download >>> https://tinurli.com/25qjal
A vulnerability was recently discovered in the \\Delta Airlines website that allowed hackers to create an account with their email address. The Delta website uses an account recovery tool, which allows you to access your account even when it has been locked. But this tool does not require any authentication, so it's possible to enter anyone's email address in order to create a new account with them. This issue affects all users who have tried to log into their Delta Air Lines accounts since March 26th, 2017 without having changed or reset their passwords since then due to the recent password change policy change which requires users to use at least one of their six last passwords in order for login attempt be accepted. If the user does not change their password, they will be unable to sign in to their account for between 72h and 90 days. Further investigation revealed that it is possible for anyone to register an account by entering their email address on the signup page. It also showed that anyone who receives an email from Delta can create a new account with them using the email address used. The vulnerability was fixed shortly after it was discovered, but still concerns are being raised about whether or not Delta is asking customers' permission for this vulnerability given the policy change. Some are concerned given that these types of vulnerabilities can be used for identity stealing attacks or phishing campaigns. A Delta representative has stated that no one will be able to create an account from their email address used by the attacker despite the fact that they have been unable to lock out their account. This is because his account was created using a previously unused password rather than the current password. The representative also said that it is not possible to create an account with another user's email address. However, since Delta allows users to use social media accounts for signup, it is possible for anyone who knows someone who has an active Delta account or does not know anyone who does to create one on their behalf. The vulnerability is being reported as the most severe vulnerability ever discovered in a major airline's website and has even been compared to the US airlines' infamous Heartbleed vulnerability that was discovered in 2014. Since it hardly takes more than one day for a hacker to create an email account with Delta, Saama Technologies (the company that discovered this vulnerability) estimates that the hacker could have had more than one million accounts on Delta's servers by now. Since Delta would not post the actual email address of the attacker nor block his account, he can register any email on its signup pages and create as many new accounts as he wants with those emails and use those accounts for phishing and phishing websites. He can also gain access to other accounts if they use the same email address. Delta's website has been exploited, and millions of users' accounts have been able to be hacked and used maliciously. That means that there is a great risk for identity theft and further attacks. https://newsroom.delta.com/news/customer-service/delta-air-lines-customer-service#https://insidebigdata. eccc085e13
Comments