Lazy Locked Login | CyberStart Completion

Lazy Locked Login


Our Dutch office recently bought a new Internet of Things (IoT) connected fridge. However, the temperature settings have been widely fluctuating as of late. All agents are currently out in the field and too busy to fix the problem.

We know there is a remotely accessible technician’s page where fridge settings can be modified, and that the fridge’s login page isn’t very secure. It was easy enough to find the username and password, but the form still has some very lazy extra protection. Intern, can you see if the rumours are true, fix our fridge, and help us verify this reported security vulnerability?

Tip: Successfully login to get the flag.


Take a look at the source code of the page to get a better understanding of how they’re disabling the form. Can we make any changes to the code that will allow us make it work as intended so we can submit our login information?

How to Solve:

  1. Right-click the “Enter” button in the UberFridge 1000 login.
  2. Click Inspect.
  3. Expand <div class="actions">.
  4. Enable the button by deleting the disabled at the end of the line:
    1. Before: <input id="submit-btn" type="submit" value="Enter" class="btn" disabled>
    2. After: <input id="submit-btn" type="submit" value="Enter" class="btn">
  5. Click the “Enter” button to get the flag.