Vulnerability Management, Patch/Configuration Management

Ibis Budget room codes exposed by vulnerability

digital key and privacy management policy for cyber security

Ibis Budget hotels across Europe had keypad codes that could be leveraged for room entry exposed due to a security flaw impacting its self check-in kiosks, SecurityWeek reports.

Impacted kiosks could be exploited by inputting dashes to display current hotel bookings, which when clicked showed keypad access codes and room numbers, information that attackers could use to facilitate unauthorized room entry, according to a report from Pentagrid, which discovered and reported the vulnerability that has since been addressed by Ibis Budget parent firm Accor.

"Access to hotel rooms would allow the theft of valuables, especially if low-budget hotel rooms are not equipped with a room safe," said Pentagrid.

While the identity of the kiosks' vendor remains uncertain, such a vulnerability could have stemmed from a test function or bug not immediately remediated by the vendor and not from the master code for booking access, Pentagrid added.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.