Hotel Check-in Kiosks Expose Guest Data, Room Keys

June 7, 2024 at 12:59PM A software vulnerability in Ariane Systems’ kiosk platform (CVE-2024-37364, CVSS 3.0 score 6.8) allows attackers to access hotel guests’ personal data stored in check-in terminals. The exploit bypasses kiosk mode, enabling access to reservations, invoices, PII, and the ability to create room keys. The manufacturer has released a fix, emphasizing … Read more

Check-in terminals used by thousands of hotels leak guest info

June 5, 2024 at 04:44PM Ariane Systems’ self check-in systems at hotels globally are vulnerable to a kiosk mode bypass flaw, potentially allowing unauthorized access to guests’ personal information and room keys. Despite the researcher’s attempts to alert the vendor, a proper response is pending. Hotel operators are advised to isolate the vulnerable terminals and … Read more