Comcast website bug leaks Xfinity customer data2018-05-22 10:43 by Daniela
Tags: Comcast, Xfinity
Security researchers have discovered a bug in the Comcast website that makes it possible to gather sensitive information on the company's customers. The website, used by customers to set up their home internet and cable service, can be tricked into displaying the home address where the router is located, as well as the Wi-Fi name and password.
The vulnerability affects Comcast customers with Xfinity routers, as the password is built in. To help with ease of setup, an app can be used to configure additional devices, and this means syncing custom SSIDs and passwords - data which can also be accessed.
The problem stems from the fact that an Xfinity account can be activated, even if it has already been activated. The data needed for the activation is a subscriber's account number and street address number. After successful activation, the attacker will be served up the wireless name and password, sent on the web in plaintext. Having those credentials, he can easily monitor traffic, change settings or even block access to the network for some users.
Since changing the wireless network name and password won't actually protect them, currently, the only thing that Xfinity customers can do is to buy their own router.
Read more -here-