Earlier this year we reported on United Airlines' bug bounty program, which offers up to a million miles for finding a security bug in their systems. An Indian researcher, Rahul Mohanraj, who read about the United Airlines bug bounty program was perhaps excited to travel those million miles, so he started working on it!
According to Mohanraj, when he went through the airline's website, he found that it was vulnerable to clickjacking, by which one can add an email ID to any existing United Airlines account. At first he thought of reporting it to the airline but decided not to because, according to him, it was not a big enough bug to be worth reporting.
However, he kept looking for a bigger security flaw and found that the process of changing the secondary email to the primary one did not have a Cross-Site Request Forgery (CSRF) token. This is when the hacker decided to report the bug to the airline. In an email response, United Airlines said that the clickjacking issue had already been reported by someone else, but the CSRF problem had never been reported before, according to the blog post.
Now that the bug is fixed, United Airlines has awarded the bug reporter 50,000 miles.
CSRF (Cross-Site Request Forgery), as defined by OWASP, is an attack in which a malicious website, email or message makes the web browser perform an unwanted action on a trusted site for which the user is already authenticated.
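To illustrate the class of flaw described above, here is an added example (not code from United Airlines or from the researcher's report) of a server-side "promote secondary email to primary" handler: one version relies only on the session cookie, so any cross-site page that makes the browser submit the form succeeds, and the hardened version additionally requires a per-session CSRF token that a foreign origin cannot read. The session store, session ids and email addresses are constructed for the demo.

```python
import hmac
import secrets

# Constructed in-memory session store: session id (the cookie value) -> session data.
SESSIONS = {}


def new_session(primary_email, secondary_email):
    """Create a logged-in session and mint a random CSRF token bound to it."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {
        "primary_email": primary_email,
        "secondary_email": secondary_email,
        "csrf_token": secrets.token_urlsafe(32),
    }
    return sid


def promote_secondary_vulnerable(sid, form):
    """Cookie-only check. The browser attaches the session cookie to a
    cross-site POST automatically, so the request's origin is never verified
    and the account's primary email changes without the user's intent."""
    session = SESSIONS.get(sid)
    if session is None:
        return 401  # not logged in
    session["primary_email"] = session["secondary_email"]
    return 200


def promote_secondary_hardened(sid, form):
    """Same state change, but the form must carry the token stored in the
    session. A page on another origin cannot read that token, so a forged
    submission is rejected before anything is modified."""
    session = SESSIONS.get(sid)
    if session is None:
        return 401
    submitted = form.get("csrf_token", "")
    # Constant-time comparison avoids leaking the token through timing.
    if not hmac.compare_digest(submitted, session["csrf_token"]):
        return 403  # missing or wrong CSRF token: refuse the state change
    session["primary_email"] = session["secondary_email"]
    return 200
```

In a real deployment the token is rendered into the legitimate form as a hidden field; marking the session cookie `SameSite` and checking the `Origin` header add defence in depth on top of this check.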