Security expert David Stubley says vulnerability in airline check-in software could have been exploited to allow users to view other individuals’ boarding passes and personal details. The vulnerability existed in travel software developed by Madrid-based Amadeus IT Group. The flaw was discovered by Stubley, who heads Edinburgh, Scotland-based security testing firm and consultancy 7 Elements. Stubley: “It was possible to download valid boarding passes – not belonging to the user – for future flights due to an insecure direct object reference weakness within the application””]
Source: https://www.cuinfosecurity.com/security-flaw-exposed-valid-airline-boarding-passes-a-12783