In March of 2025, Toreon organised its annual ski trip. Some other colleagues and I decided not to ski, as we are quite inexperienced, and to go on hikes instead. On one of the last days of the trip, I didn’t feel like hiking and went to the hotel’s lobby to do some bug hunting on my laptop. When connecting to the Wi-Fi, the user is prompted with a web page, where they need to enter the Wi-Fi credentials, given to them after check-in. Since this was the first web page I had to open in order to connect to the internet, I decided to have a look at the page to see if I could find any security vulnerabilities.