BAS Portal Admin Interface

Discovering Default Credentials in BAS Portal Admin Access

Cybersecurity

11/28/2023

Discovery Process

During a security assessment of the BAS portal, I discovered a significant vulnerability in the administrative interface. The portal, accessible at http://bas.iitgn.ac.in:81, was found to be using default credentials, potentially allowing unauthorized access within the IITGN-SSO network.

How did I find it.

  1. Port Scanning

    • Target: BAS portal (IP: 10.0.137.172)
    • Discovery: Open service on port 81
    81/tcp   open  hosts2-ns

  2. Access Verification

    • Located admin login portal for Smart Office
    • Google search for the default credentials for Smart Office suite. It turn out to be :
      • Username: “smart”
      • Password: “smart”

After discovering this security issue, I reported it to the appropriate authorities and monitored the remediation process.

BAS Portal Admin Interface

The security team took prompt action and removed the service on port 81. Hence solve the issue.

Below is a screenshot of the interface that was accessible:

BAS Admin Portal Interface

Happy Hacking!

Other Posts 18
Innovation Journey: My Experience at IIT Jammu Invention Factory

Innovation Journey: My Experience at IIT Jammu Invention Factory

Jul 20, 2023
Product DevelopmentProblem Solving
Discovering Default Credentials in BAS Portal Admin Access

Discovering Default Credentials in BAS Portal Admin Access

Nov 28, 2023
Cybersecurity
App Script to Auto Shedule meets based on mails

App Script to Auto Shedule meets based on mails

May 12, 2023
AutomationGoogle App Script
Computer Labs Security Vulnerabilities

Computer Labs Security Vulnerabilities

Dec 3, 2024
Cybersecurity
Per-Process Bandwidth Tracker using eBPF

Per-Process Bandwidth Tracker using eBPF

Mar 26, 2024
System ProgrammingeBPF
Technical Lead at EII and E-Summit

Technical Lead at EII and E-Summit

May 12, 2023
Web DevelopmentLeadership
GodBot - The Ultimate Advanced AI Bot

GodBot - The Ultimate Advanced AI Bot

Mar 26, 2024
AIPython
Issue Tracker

Issue Tracker

May 12, 2023
Web DevelopmentFlask
Mess Portal Security Vulnerability

Mess Portal Security Vulnerability

Apr 20, 2026
CybersecurityResponsible Disclosure
My Journey Through NDA SSB: A Personal Experience

My Journey Through NDA SSB: A Personal Experience

Jul 15, 2022
Life ExperienceLeadership
OWASP Nest: Open Source Contribution

OWASP Nest: Open Source Contribution

Dec 18, 2024
SecurityOpen Source
Software Intern at Ripplica

Software Intern at Ripplica

Aug 20, 2025
AIAutomation
SRIP Portal Serverless Migration

SRIP Portal Serverless Migration

May 12, 2023
PythonFlask
StudySahayak - AI-Powered Content Repurposing

StudySahayak - AI-Powered Content Repurposing

Mar 26, 2024
AIFlask
Void Battle: A Terminal-Based Space Combat Game

Void Battle: A Terminal-Based Space Combat Game

Nov 29, 2024
Game DevelopmentPython
Tico: A Git Clone Implementation

Tico: A Git Clone Implementation

May 12, 2023
pythongit
Interactive Course Timetable

Interactive Course Timetable

May 12, 2023
Web DevelopmentFlask
Understanding the Dark Web: A Security Perspective

Understanding the Dark Web: A Security Perspective

Nov 29, 2024
Cybersecurity