科技动态

Xfinity website bug revealed home addresses and Wi-Fi passwords

微信扫一扫,分享到朋友圈

Xfinity website bug revealed home addresses and Wi-Fi passwords

Saini and Stevenson found that they only needed a customer ID and house or apartment number (not the full address) in order to force the website to deliver the information. This, in spite of the fact that the form did request a full address. This information can be obtained from a discarded bill, or if an attacker only has the ID, they can guess a house/apartment number.

ZDNet was able to confirm that the bug indeed returned home addresses, as well as Wi-Fi username and password information in plain text. For one user they tested who didn’t use Xfinity’s router, the website returned the home address but not the username or password of the Wi-Fi network (another reason to always use your own router). If this wasn’t bad enough, it’s possible someone could have used this method to rename a Wi-Fi network or change the password, locking someone out of their own network.

Comcast is aware of the issue and has removed the option from its website. “There’s nothing more important than our customers’ security,” a Comcast spokesperson told ZDNet . “Within hours of learning of this issue, we shut it down. We are conducting a thorough investigation and will take all necessary steps to ensure that this doesn’t happen again.” Still, considering that the service just introduced its mesh routers last night , the timing of this discovery isn’t great. It’s good that the company acted quickly, but it doesn’t change the fact that this breach of security happened in the first place.

How Many Objects Can Be Juggled (1997)

上一篇

Shopify rival Engine hopes to blaze a trail for Arkansas’ ecommerce startups

下一篇

你也可能喜欢

评论已经被关闭。

插入图片

热门栏目

Xfinity website bug revealed home addresses and Wi-Fi passwords

长按储存图像,分享给朋友