Low Pnr Entropy: I Accessed All Airline Bookings via Simple Math
Postedabout 1 month agoActiveabout 1 month ago
alexschapiro.comSecuritystory
heatednegative
Debate
80/100
Airline SecurityAPI VulnerabilityPnr Entropy
Key topics
Airline Security
API Vulnerability
Pnr Entropy
Discussion Activity
Light discussionFirst comment
3m
Peak period
1
0-1h
Avg / period
1
Key moments
- 01Story posted
Dec 1, 2025 at 12:06 PM EST
about 1 month ago
Step 01 - 02First comment
Dec 1, 2025 at 12:09 PM EST
3m after posting
Step 02 - 03Peak activity
1 comments in 0-1h
Hottest window of the conversation
Step 03 - 04Latest activity
Dec 1, 2025 at 12:09 PM EST
about 1 month ago
Step 04
Generating AI Summary...
Analyzing up to 500 comments to identify key contributors and discussion patterns
Discussion (1 comments)
Showing 1 comments
diavarlyani
about 1 month ago
Meanwhile in India we have airlines asking for OTP + Aadhaar + blood sample to change a seat, and somehow Avelo just needed 6 random chars.
Beautiful write-up, Alex — this is the kind of responsible disclosure we need more of.
View full discussion on Hacker News
ID: 46109876Type: storyLast synced: 12/1/2025, 5:14:14 PM
Want the full context?
Jump to the original sources
Read the primary article or dive into the live Hacker News thread when you're ready.