Security Flaw

Comcast Website Flaw Exposed Customer WiFi Passwords

ZDNet reports on May 22, 2018 a security flaw uncovered by two security researchers, Karan Saini and Ryan Stevenson.

Using only Comcast account number and the house number, Comcast router/modem activation screen will display the router’s WIFI password in plain text, even though the web form asks for full address.

If a bad actor has a Comcast account number, s/he can simply guesses the house number or apartment number.

This bug also returns the new WIFI password even if the modem/router has already been turned on.

Comcast reportedly corrected this error shortly after ZDNet’s report. Stay tuned.