Jump to content

Comcast website bug leaks Xfinity customer data


steven36

Recommended Posts

Exclusive: A bug in Comcast's website leaks sensitive customer information.

 

https://s7d4.turboimg.net/sp/5258e8f94bad1210bb7dc42cbeed76cc/comcast-van.jpg

 

A bug in Comcast's website used to activate Xfinity routers can return sensitive information on the company's customers.

 

The website, used by customers to set up their home internet and cable service, can be tricked into displaying the home address where the router is located, as well as the Wi-Fi name and password.

 

Two security researchers, Karan Saini and Ryan Stevenson, discovered the bug.

 

Saini, who previously discovered an Uber two-factor bypass bug and a flaw in India's national biometric database, told ZDNet about the bug.

 

Only a customer account ID and that customer's house or apartment number is needed -- even though the web form asks for a full address. That information could be grabbed from a discarded bill or obtained from an email. In any case, a determined attacker could simply guess the house or apartment number.

 

ZDNet obtained permission from two Xfinity customers to check their information. We were able to obtain their full address and zip code -- which both customers confirmed.

 

The site returned the Wi-Fi name and password -- in plaintext -- used to connect to the network for one of the customers who uses an Xfinity router. The other customer was using his own router -- and the site didn't return the Wi-Fi network name or password.

 

https://s7d5.turboimg.net/sp/52d24d889ed6ceec8553ff9712becece/comcast-note-2.jpg

 

 

https://s7d5.turboimg.net/sp/171ca82baad7712b9c49ee212e346b29/comcast-note-1.jpg

 

The bug returns data even if the Xfinity Wi-Fi is already switched on.

 

Even when the Wi-Fi password changes, running the details again will return the new Wi-Fi password. There appears to be no way for customers to opt out when using Xfinity hardware.

It's also possible to rename Wi-Fi network names and passwords, temporarily locking users out.

 

Saini said that it would be nearly impossible to enumerate account numbers.

 

Although it's not believed the sensitive data can be used to access the router's settings, an attacker could use the information to access the Wi-Fi network within its range. On the network, an attacker could read unencrypted traffic from other users on the network.

 

Comcast, when contacted prior to publication, did not comment.

 

Source

Link to comment
Share on other sites

  • Replies 0
  • Created
  • Last Reply

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...