The Broadband Guide
SG
search advanced
 Username:
 Password:
Register
 forgot password?

Comcast website bug leaks Xfinity customer data

2018-05-22 10:43 by
Tags: ,

 

Security researchers have discovered a bug in the Comcast website that makes it possible to gather sensitive information on the company's customers. The website, used by customers to set up their home internet and cable service, can be tricked into displaying the home address where the router is located, as well as the Wi-Fi name and password.

The vulnerability affects Comcast customers with Xfinity routers, as the password is built in. To help with ease of setup, an app can be used to configure additional devices, and this means syncing custom SSIDs and passwords - data which can also be accessed.

The problem stems from the fact that an Xfinity account can be activated, even if it has already been activated. The data needed for the activation is a subscriber's account number and street address number. After successful activation, the attacker will be served up the wireless name and password, sent on the web in plaintext. Having those credentials, he can easily monitor traffic, change settings or even block access to the network for some users.

Since changing the wireless network name and password won't actually protect them, currently, the only thing that Xfinity customers can do is to buy their own router.

Read more -here-

 

  Post your review/comments
    rate:
   avg:
News Glossary of Terms FAQs Polls Cool Links SpeedGuide Teams SG Premium Services SG Gear Store
Registry Tweaks Broadband Tools Downloads/Patches Broadband Hardware SG Ports Database Security Default Passwords User Stories
Broadband Routers Wireless Firewalls / VPNs Software Hardware User Reviews
Broadband Security Editorials General User Articles Quick Reference
Broadband Forums General Discussions
Advertising Awards Link to us Server Statistics Helping SG About