The process
First, I got the Wi-Fi password, which was cleverly written on a whiteboard on the wall in front of me. After login in, I just checked which was my default gateway and proceed to enter the address in my browser. And I got this page:
Then I did what any person with minimum search skills could do, just searched for the default login password and username for that specific modem, which was cleverly publish on this website.
I entered those default username and password and boom! I was in, just got access to the full administrative panel of a place where they have a computer for accepting payments, where Rappi or Uber eats can place orders, and also where they use a terminal to make charges to credit and debit cards.
Conclusion
This wasn't my first experience with a problem like this, and I also tried to reach some managers from other places with this problem, some of them seems to not be so aware of the problem it is, but this was my first experience where I was able to help someone. As one of my colleagues states in one of his blog posts, the default is usually unsafe, and even when the administrative panel of this particular router was shouting in a red color that the passwords were the default once you logged in to the device, it never forced me to change the password once I was in, I think that this kind of things can be better done by enforcing security, but also the people must be aware of what it means to have a router in their homes, when the company staff installs the router, I think they should tell a bit about those kind of settings and the danger of leaving it as is.
No hay comentarios:
Publicar un comentario