Security Flaw with Subaccount
sharpie958
Newbie

Can someone please verify this for me? I just logged into a subaccount and was (1) able to see the Wi-Fi settings of my router, including the password, and (2) able to CHANGE the Wi-Fi settings.

After I log into a subaccount, I am here:

https://www.verizon.com/foryourhome/myaccount/ngen/pr/home/myverizon.aspx

I click on "Get Wi-fi Details" and bam... the default router name and password are retrieved. I can then proceed to change the name and Wi-Fi security settings... save them...

Please tell me this isn't by design...

Re: Security Flaw with Subaccount
mfizzy
Specialist - Level 1

Don't be too shocked. This is information that anyone in your house can retrieve without a username and password assigned by you.

Re: Security Flaw with Subaccount
viafax999
Community Leader

@sharpie958 wrote:

Can someone please verify this for me? I just logged into a subaccount and was (1) able to see the Wi-Fi settings of my router, including the password, and (2) able to CHANGE the Wi-Fi settings.

After I log into a subaccount, I am here:

https://www.verizon.com/foryourhome/myaccount/ngen/pr/home/myverizon.aspx

I click on "Get Wi-fi Details" and bam... the default router name and password are retrieved. I can then proceed to change the name and Wi-Fi security settings... save them...

Please tell me this isn't by design...


I believe it's by design.

You can only access that info if you have the security credentials to access your account. I think the purpose is so that if you forget the router Wi-Fi credentials, support can tell you what they are, or alternatively you can log on to your account and change the Wi-Fi password yourself.

In either case it's only the Wi-Fi password and doesn't allow access to the router's main settings, so it is sort of trivial.

Re: Security Flaw with Subaccount REPORT IT?
_dot
Specialist - Level 1

If you are reading this on a PC, you may have the option at the bottom of this page, under Support Tools, to report a security vulnerability.... I hope they plug this hole, as I can see how maybe you wouldn't want a subaccount holder to be able to add devices to your network or change your Wi-Fi password (and then forget to tell you, or forget the new password, causing you to reset the modem/router back to default settings so you can regain access). pitr!