By Eduard Kovacs on December 05, 2014
NASA's Orion spacecraft was launched today, and it's possible that the microchip containing the names of the 1.3 million individuals who got a boarding pass for the test flight also stores a payload injected by researchers at Germany-based Vulnerability Lab.
In October, NASA launched a special website where users could get a boarding pass to fly their name on Orion's first flight. However, researchers discovered that the fields where users entered their first name and their last name were plagued by a persistent input validation Web vulnerability.
"A filter bypass and persistent input validation web vulnerability (embed code execution) has been discovered in the official NASA Mars Program web-application," Vulnerability Lab wrote in an advisory. "The high severity vulnerability allows remote attackers to inject own system specific codes to the application-side of the affected NASA online-service website."
full article
Be the first to reply!
Reply
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.