Re: Comcast storing WiFi passwords in cleartext?

[Brandon Jackson via NANOG <nanog () nanog org>]

This has been a thing for quite a while with Comcast. It is also available
to a customer service rep. It is retrieved from the Gateway via SNMP if I'm
not mistaken. Customer service reps can also reset your wireless
password either to a default or a specific one of yours or their choosing
if necessary.

This is something to remember with cable modems and especially gateways. As
long as it is connected to their Network it is practically thiers from a
configurations standpoint, they are in complete control of the device and
can get any information they need or want from said device.

I'm not saying they are doing anything nefarious or packet capping the
local network or anything of that nature that is a little on the tin foil
hat side for me personally, but you should always consider that any
information available to a cable modem Gateway or plain cable modem is
available to the ISP.

As many have recommended in the past always get a separate router and a
plane modem.



Brandon Jackson

On Tue, Apr 23, 2019, 19:47 Töma Gavrichenkov <ximaera () gmail com> wrote:

> Hi NANOG,
>
> Here's an issue raised today:
>
> https://security.stackexchange.com/questions/207895/how-does-comcast-know-my-wifi-password
>
> Apparently there's a concern with customers that their seemingly
> private passphrases, entered in their own boxes, are being shared with
> the upstream ISP without an explicit customer consent, and are kept in
> the ISP database for an unspecified period of time. Is it there by
> design?
>
> if so, then maybe some tweaks are necessary?
>
> --
> Töma