Maximise your Avios, air miles and hotel points

Forums Frequent flyer programs Other frequent flyer schemes Reward programme security

  • masaccio 750 posts

    Spotted this today on reward programme security. My favourite bit:

    Most significantly, the researchers found a vulnerability in the global administration website in which an encrypted cookie assigned to each user had been encrypted with an easily guessable secret—the word “secret” itself. By guessing this, the researchers could decrypt their cookie, reassign themselves global administrator privileges for the site, reencrypt the cookie, and essentially assume god-mode-like capabilities to access any Points reward system and even grant accounts unlimited miles or other benefits.

    can2 551 posts

    That’s utterly amazing. I remember I had to allow third party cookies to buy Hilton points, which shows’s heavy reliance on cookies perhaps.

    Thanks for sharing.

    Lady London 2,130 posts

    How, precisely, does one do this?

    Asking for a friend 🙂

  • You must be logged in to reply to this topic.

The UK's biggest frequent flyer website uses cookies, which you can block via your browser settings. Continuing implies your consent to this policy. Our privacy policy is here.