Article 3QRNA Comcast bug made it shockingly easy to steal customers’ Wi-Fi passwords

Comcast bug made it shockingly easy to steal customers’ Wi-Fi passwords

by
Jon Brodkin
from Ars Technica - All content on (#3QRNA)
comcast-xfinity.png

Enlarge (credit: Comcast)

A security hole in a Comcast service-activation website allowed anyone to obtain a customer's Wi-Fi network name and password by entering the customer's account number and a partial street address, ZDNet reported yesterday.

The problem would have let attackers "rename Wi-Fi network names and passwords, temporarily locking users out" of their home networks, ZDNet wrote. Obviously, an attacker could also use a Wi-Fi network name and password to log into an unsuspecting Comcast customer's home network.

Shortly after ZDNet's story was published, Comcast disabled the website feature that was leaking Wi-Fi passwords. "Within hours of learning of this issue, we shut it down," Comcast told ZDNet and Ars. "We are conducting a thorough investigation and will take all necessary steps to ensure that this doesn't happen again."

Read 11 remaining paragraphs | Comments

index?i=MwEjK6thvrA:qyn4MogQjmM:V_sGLiPB index?i=MwEjK6thvrA:qyn4MogQjmM:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments