Meraki

Community

View Source code with browser on organisation user or administrator page.

Stoutski1
Here to help
‎Apr 2 2019 3:05 PM
‎Apr 2 2019 3:05 PM

View Source code with browser on organisation user or administrator page.

Hi,

 

When you browse to network-wide Administrator or User and you click the right mouse button and select view source.

You will see the password encrypted of the admin users. On the User page you also can find the PSA of the Wifi(plaintext).

 

I understand that they are encrypted but there is always some who can uncrypt the passwords.

 

Does anybody know why meraki show this information in the source code?

 

Regards,

 

Stefan

 

0 Kudos
1 Reply 1
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Apr 2 2019 3:20 PM
‎Apr 2 2019 3:20 PM

If you think you have found actual security issues you should report them via the Bug Bounty program.  You can earn cash this way.

https://bugcrowd.com/ciscomeraki

 

You can also email the Cisco PSIRT team.

psirt@cisco.com

 

 

I've had a quick look at the pages.  For the admin users, are you referring to the "secret" field?  I don't know the format of this field.  I'm going to guess it is a salted hash of some kind.

 

I can see the psk_passphrase field you refer to.  It seems a funny place to have it on this page.  Note you can retrieve this anyway from the Wireless/SSIDs.

I can't see any reason why it should be on this page - so you should report it to the Bug Bount program.  I'm not sure you'll get a reward for this, since it is retrievable anyway, and I think it will get classified as minor.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
© 2024 Cisco Systems, Inc.