A year ago, I discovered a security vulnerability in the sales personnel panel of Finnair, a Finnish airline company. The flaw was in the authentication logic, where several sales personnel panel sites failed to enforce proper login checks. Using this, I was able to access the sales administrator panel and extract information for 78 employees, including their First Name, Last Name, Email Address, Work Level, and Password Hash. The passwords were stored as easily crackable MD5 hashes.
Samples:
Thibaud;Rohmer;thibaud.rohmer@finnair.com;sysadmin;90a3ed9e32b2aaf4c61c410eb925426119e1a9dc53d4286ade99a809
Heidi;Pajari;heidi.pajari@finnair.com;sales;90a3ed9e32b2aaf4c61c410eb925426119e1a9dc53d4286ade99a809(Some passwords are the same for some reason)
Link:
Link:
This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Self-Ban | http://c66go4clkqodr7tdjfu76jztjs7w7d3fajdeypxn73v4ju3dt7g5yyyd.onion/Forum-Ban-Appeals if you wish to be unbanned in the future.
Ban Reason: Self-Ban | http://c66go4clkqodr7tdjfu76jztjs7w7d3fajdeypxn73v4ju3dt7g5yyyd.onion/Forum-Ban-Appeals if you wish to be unbanned in the future.
