nanog mailing list archives
Re: Comcast storing WiFi passwords in cleartext?
From: Yang Yu <yang.yu.list () gmail com>
Date: Tue, 23 Apr 2019 20:01:14 -0700
On Tue, Apr 23, 2019 at 4:48 PM Töma Gavrichenkov <ximaera () gmail com> wrote:
Apparently there's a concern with customers that their seemingly private passphrases, entered in their own boxes, are being shared with the upstream ISP without an explicit customer consent, and are kept in the ISP database for an unspecified period of time. Is it there by design?
Not sure what the concern is here. Cable model with builtin WiFi (managed WiFi) is part of the service you signed up for and you are free to use your own WiFi solutions. Chances are the CPE is rented from ISP... Are you expecting the passphrase to get stored as a one way hash? Arris Touchstone has TR-069 connecting to ACS for configuration/management. This platform is ridiculously insecure and the web interface essentially does SNMP read/write over HTTP. https://w00tsec.blogspot.com/2015/11/arris-cable-modem-has-backdoor-in.html
Current thread:
- Re: Comcast storing WiFi passwords in cleartext?, (continued)
- Re: Comcast storing WiFi passwords in cleartext? Christopher Morrow (Apr 23)
- Re: Comcast storing WiFi passwords in cleartext? Randy Bush (Apr 24)
- RE: Comcast storing WiFi passwords in cleartext? Luke Guillory (Apr 23)
- Re: Comcast storing WiFi passwords in cleartext? K. Scott Helms (Apr 24)
- Re: Comcast storing WiFi passwords in cleartext? Matt Hoppes (Apr 24)
- RE: Comcast storing WiFi passwords in cleartext? Luke Guillory (Apr 24)
- Re: Comcast storing WiFi passwords in cleartext? Töma Gavrichenkov (Apr 24)
- Re: Comcast storing WiFi passwords in cleartext? Tom Beecher (Apr 24)
- Re: Comcast storing WiFi passwords in cleartext? Stephen Satchell (Apr 24)
- Re: Comcast storing WiFi passwords in cleartext? Sean Figgins (Apr 24)
- Re: Comcast storing WiFi passwords in cleartext? Aaron C. de Bruyn via NANOG (Apr 24)
- Message not available
- Re: Comcast storing WiFi passwords in cleartext? Brandon Jackson via NANOG (Apr 25)
- Re: Comcast storing WiFi passwords in cleartext? Seth Mattinen (Apr 24)
- RE: Comcast storing WiFi passwords in cleartext? Benjamin Sisco (Apr 25)
- Re: Comcast storing WiFi passwords in cleartext? K. Scott Helms (Apr 25)
- Re: Comcast storing WiFi passwords in cleartext? Doug Barton (Apr 25)
- Re: Comcast storing WiFi passwords in cleartext? K. Scott Helms (Apr 25)
- Re: Comcast storing WiFi passwords in cleartext? Tom Beecher (Apr 25)