Meraki Community

Stoutski1 · ‎Apr 2 2019

Hi,

When you browse to network-wide Administrator or User and you click the right mouse button and select view source.

You will see the password encrypted of the admin users. On the User page you also can find the PSA of the Wifi(plaintext).

I understand that they are encrypted but there is always some who can uncrypt the passwords.

Does anybody know why meraki show this information in the source code?

Regards,

Stefan

PhilipDAth · ‎Apr 2 2019

If you think you have found actual security issues you should report them via the Bug Bounty program. You can earn cash this way.

https://bugcrowd.com/ciscomeraki

You can also email the Cisco PSIRT team.

psirt@cisco.com

I've had a quick look at the pages. For the admin users, are you referring to the "secret" field? I don't know the format of this field. I'm going to guess it is a salted hash of some kind.

I can see the psk_passphrase field you refer to. It seems a funny place to have it on this page. Note you can retrieve this anyway from the Wireless/SSIDs.

I can't see any reason why it should be on this page - so you should report it to the Bug Bount program. I'm not sure you'll get a reward for this, since it is retrievable anyway, and I think it will get classified as minor.

Meraki Community

View Source code with browser on organisation user or administrator page.

View Source code with browser on organisation user or administrator page.