Is using Cable Broaband's AUTO LOGIN feature a security risk ?

[royalroy]

This is too much information. I tried some with my own password and user id. None worked

 

[netuser123]

2) It is very easy to find that out. Username is like firstname_LCO Code. So, if your name is rahul and lco code is abcb, the username would be rahul_abcb. And the password is a 4 number pin, like "1234". It is generally the last 4 digits of your registered phone number. I am sure it is stored in plain text on Alliance servers. Many customer support agents have told me the password. Also, it is easy to use a python script to brute force the 4 digit password. So, security is minimal in this case.

Satyanash !!!
You are absolutely right about the "firstname_LCO Code" & also about the 1234 password policy.
When I was using SITI that's exactly how my LCO had set my username & password. I later changed the password from 1234 to something more secure. I was not using a router. After I purchased a router my LCO enabled auto login so no password was required. I was online as soon as the powered on the router.
Why do you think LCOs use this policy of setting the username as "firstname_LCO Code"" & the password as 1234 ?
Do you think LCOs do this so that they themselves can (unethically) access their customer's account ?

 

[Netmagic]

@netuser123

Lco doesn't create username like - sudipta_xxx. it is created by the isp. Isp create ZONE for every lco on the captive portal (Mikrotik router), then create a sub domain for users, that's why Consumer user name_lcocode.

When a new consumer entry on isp system under lco, it automatically fetches lco code besides of "_".

Static IP system network is like home-based lan network. If you connect pc directly over alliance,wishnet, gtpl etc. You can see all users pc, router details at your windows network folder.

A serious case happened 2017 in my area, nearest a shop using Wishnet for cctv broadcasting, it can be accessible all video feed by other users.

https://imgur.com/a/xW5aQMd (Active users ip address, mac and router login url)

https://imgur.com/a/9M7AmXd (ISP NAS)

 

[AAK]

What can we gain from accessing our IPAcct login credentials ? Is it from where lco changes plan speeds etc ?

 

[x0rzavi]

Alliance uses Mac binding for autologin. They will assign a public static IP with all ports blocked. They change that IP after 2-3 months. Yes, there is a high chance. But alliance has poor security. People have used their newly launched servicedesk to find all their customer details. I have seen one person doing it but I have not done it personally. Turns out their SQL server has no security. If you are on alliance, forget about security.

If you have a raspberry pi or openwrt, you can schedule a cronjob to execute a small python code my friend wrote to log in automatically, without asking your LCO turning on autologin.

Hi! Would you be generous enough to give me a little more info about that sql thing🙂🙂??

 

[royalroy]

It was something I saw on facebook. A guy had done it and posted it in a group. Obviously, he had blurred out sensitive details. I personally have never tried it.

 

---