Everyone, especially Indonesian people, should know what wifi id is. Yes, wifi id is an internet hotspot that provided by Indonesian Telkom. Some wifi id internet hotspot need no account, so everyone could do browsing with no cost, but most of it, the wifi id internet hotspot need account to access it. It means, you have to pay additional fee to get the account if you subscribe Telkom internet connection. Or, you could buy wifi id voucher directly on wifi id landing page.
So, what is the main purpose of this post? Yes, few weeks ago I discovered some misconfiguration on wifi id. I found that wifi id let the users to do DNS query. If you do host ping with wifi id connection without login, you won’t get any icmp reply, but you still get the host’s ip address. Because of this vulnerability misconfiguration, anyone could bypass the authentication and browse the internet with no account logged in. But in this post, I won’t give any mechanism how to bypass it. I have given the clue, so please find it with your way. Because I believe, any security tester could bypass this thing 😀
And for Telkom, please fix the configuration. You could whitelist only trusted domain and do not open DNS query to all host. With good firewall management and good network configuration, I believe you could make a better service for your customer.
POC?
