Re: Comcast storing WiFi passwords in cleartext?

[Yang Yu <yang.yu.list () gmail com>]

On Tue, Apr 23, 2019 at 4:48 PM Töma Gavrichenkov <ximaera () gmail com> wrote:

> Apparently there's a concern with customers that their seemingly
> private passphrases, entered in their own boxes, are being shared with
> the upstream ISP without an explicit customer consent, and are kept in
> the ISP database for an unspecified period of time. Is it there by
> design?

Not sure what the concern is here. Cable model with builtin WiFi
(managed WiFi) is part of the service you signed up for and you are
free to use your own WiFi solutions. Chances are the CPE is rented
from ISP... Are you expecting the passphrase to get stored as a one
way hash?

Arris Touchstone has TR-069 connecting to ACS for configuration/management.

This platform is ridiculously insecure and the web interface
essentially does SNMP read/write over HTTP.
https://w00tsec.blogspot.com/2015/11/arris-cable-modem-has-backdoor-in.html