Ibis Budget hotels across Europe had keypad codes that could be leveraged for room entry exposed due to a security flaw impacting its self check-in kiosks, SecurityWeek reports.
Impacted kiosks could be exploited by inputting dashes to display current hotel bookings, which when clicked showed keypad access codes and room numbers, information that attackers could use to facilitate unauthorized room entry, according to a report from Pentagrid, which discovered and reported the vulnerability that has since been addressed by Ibis Budget parent firm Accor.
"Access to hotel rooms would allow the theft of valuables, especially if low-budget hotel rooms are not equipped with a room safe," said Pentagrid.
While the identity of the kiosks' vendor remains uncertain, such a vulnerability could have stemmed from a test function or bug not immediately remediated by the vendor and not from the master code for booking access, Pentagrid added.