
First of all, let me mention that this whole experiment is for learning purposes and is not intended to cause harm or damage.

I am a novice networking enthusiast. Recently I tried to penetrate a Wi-Fi network which is open and has no security, but authorization is done through a MikroTik hotspot gateway. When a user connects to this network, it redirects the user to the gateway webpage on a server and asks for a username and password for authentication. I could connect to the network after I managed to monitor devices that connect to this hotspot, record their MAC addresses and spoof my MAC address to impersonate one of the authorized devices. I have three questions:

  1. Is it possible to access the router's web interface and modify settings if the administrator changed the default password/username of the router?
  2. Why should a network administrator use this method to secure a network, since this can be bypassed by MAC spoofing and it is vulnerable compared to WPA/WPA2 security?
  3. Is it possible to fix this vulnerability of the hotspot gateway?

Thank you

Steffen Ullrich
PMD

1 Answer


Is it possible to access the router's web interface and modify settings if the administrator changed the default password/username of the router?

Hopefully not, but some routers have one or even multiple backdoors. Or, in the case of MikroTik, a CSRF attack against the administrator could be used to change the password if the system is not fully patched.

Why should a network administrator use this method to secure a network, since this can be bypassed by MAC spoofing and it is vulnerable compared to WPA/WPA2 security?

There is no such thing as a 100% secure solution, and the more security you want, the more expensive and/or unusable it usually gets. To make MAC spoofing impossible inside a WLAN you probably need some kind of authentication of the clients which is more robust than the initial username and password. 802.X provides this, but then you would need to install authentication credentials (for example certificates) on each device and maybe special software too. You don't want this in public hotspots, so you accept the risk of MAC spoofing instead.

Is it possible to fix this vulnerability of the hotspot gateway?

There are solutions, but they affect the usability too much if used in a public hotspot. If used inside a company where one has more control over the connecting devices, one can detect and block MAC spoofing.

Steffen Ullrich
  • Thank you Steffen. You are right. In my opinion it would have been safer if the admin of this network had set up strong WPA2 security rather than this, and I can't understand why he used this method. – PMD Oct 22 '16 at 07:41
  • @PMD: I don't know enough about this network but if it is a public hotspot then WPA2 might be felt too much of an annoyance. And as far as I know WPA2 probably does not prevent MAC spoofing either. – Steffen Ullrich Oct 22 '16 at 07:56
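
Added example, not part of the original question, answer or comments: one way a managed network could implement the "detect MAC spoofing" step the answer mentions, by comparing each authorized MAC's later DHCP fingerprint and access-point sightings against what was seen at login. The log fields, the 30-second threshold and all names are assumptions, and the events are constructed sample data.

```python
from collections import defaultdict

# Constructed sample events, as a hotspot/DHCP log collector might emit them:
# (unix_time, client_mac, access_point, dhcp_hostname, dhcp_param_request_list)
EVENTS = [
    (1000, "aa:bb:cc:00:00:01", "ap-1", "alice-laptop", "1,3,6,15,119,252"),
    (1300, "aa:bb:cc:00:00:01", "ap-1", "alice-laptop", "1,3,6,15,119,252"),
    (1320, "aa:bb:cc:00:00:01", "ap-3", "laptop-x", "1,28,2,3,15,6,12"),
    (1400, "aa:bb:cc:00:00:02", "ap-2", "bob-phone", "1,3,6,15,26,28,51"),
    (5000, "aa:bb:cc:00:00:02", "ap-1", "bob-phone", "1,3,6,15,26,28,51"),
]


def find_suspect_macs(events, min_roam_seconds=30):
    """Return {mac: [reasons]} for MACs that look shared by two devices.

    Heuristics (assumptions, to be tuned per site):
      * dhcp-fingerprint-changed: hostname or DHCP option 55 list differs
        from the first (login-time) sighting of that MAC.
      * two-aps-within-window: the MAC shows up on a different access point
        sooner than a plausible roam (min_roam_seconds).
    """
    baseline = {}    # mac -> (hostname, param list) seen at first sighting
    last_seen = {}   # mac -> (time, access point) of the previous event
    reasons = defaultdict(set)

    for ts, mac, ap, host, prl in sorted(events):
        fingerprint = (host, prl)
        if mac not in baseline:
            baseline[mac] = fingerprint
        elif fingerprint != baseline[mac]:
            reasons[mac].add("dhcp-fingerprint-changed")

        if mac in last_seen:
            prev_ts, prev_ap = last_seen[mac]
            if ap != prev_ap and ts - prev_ts < min_roam_seconds:
                reasons[mac].add("two-aps-within-window")
        last_seen[mac] = (ts, ap)

    return {mac: sorted(r) for mac, r in reasons.items()}


if __name__ == "__main__":
    for mac, why in find_suspect_macs(EVENTS).items():
        print(mac, "->", ", ".join(why))
```

Both signals are heuristics: a device that is re-imaged or roams at a cell boundary can trip them, so a flagged MAC is a candidate for forced re-authentication rather than proof of spoofing.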