8 comments

[ 6.5 ms ] story [ 30.2 ms ] thread
Well, this is just standard Aerospace grade software. I would be surprised if you could find a single controller in an airplane without some trivial login credentials.

Exposing software like that to the internet is of course a completely insane step.

> RTX did not respond to our vulnerability report

I guess they mean you should sell the vulnerability to highest bidder instead of reporting? Weird choice.

Security vulerability text or a report is the basis for a CV.

Yes, Collins Aerospace is subsidiary of RTX, which is the distributor for a relational database for plane ticket credentials.