Comcast storing WiFi passwords in cleartext?

K. Scott Helms kscott.helms at gmail.com
Thu Apr 25 12:26:00 UTC 2019


People are missing the point here.  This is _not_ a Comcast "issue" this
same data is available to every single cable operator in the US who deploys
bundled modem/router/APs that follow the CableLabs standard.  They may or
may not expose the data to their end customers, but it's stored in their
systems and is often available to their support teams.

http://mibs.cablelabs.com/MIBs/wireless/CLAB-WIFI-MIB-2017-09-07.txt

The same thing applies to most FTTH and xDSL deployments.  They use TR-069
to collect the data instead of SNMP but the object model is the same.  The
WiFi MIB above is explicitly built to mimic TR-181 functionality.

Scott Helms



On Wed, Apr 24, 2019 at 5:48 PM Rich Kulawiec <rsk at gsp.org> wrote:

> On Wed, Apr 24, 2019 at 03:13:33PM +0000, Benjamin Sisco wrote:
> > The bigger concern should be the cleartext portion of the subject.
>
> Yes, and the availability of all this to anyone who hacks Comcast
> customer support.
>
> ---rsk
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20190425/9ff9fa76/attachment.html>


More information about the NANOG mailing list