https://community.cisco.com/t5/cloud-networking-platform/view-source-code-with-browser-on-organisation-user-or/m-p/5439514#M10027 <P>If you think you have found actual security issues you should report them via the Bug Bounty program. You can earn cash this way.</P><P><A href="https://bugcrowd.com/ciscomeraki" target="_self" rel="nofollow noopener noreferrer">https://bugcrowd.com/ciscomeraki</A></P><P>You can also email the Cisco PSIRT team.</P><P><A href="mailto:psirt@cisco.com" target="_blank" rel="nofollow noopener noreferrer">psirt@cisco.com</A></P><P>I've had a quick look at the pages. For the admin users, are you referring to the "secret" field? I don't know the format of this field. I'm going to guess it is a salted hash of some kind.</P><P>I can see the <SPAN>psk_passphrase field you refer to. It seems a funny place to have it on this page. Note you can retrieve this anyway from the Wireless/SSIDs.</SPAN></P><P><SPAN>I can't see any reason why it should be on this page - so you should report it to the Bug Bount program. I'm not sure you'll get a reward for this, since it is retrievable anyway, and I think it will get classified as minor.</SPAN></P> Tue, 02 Apr 2019 22:20:59 GMT Philip D'Ath 2019-04-02T22:20:59Z https://community.cisco.com/t5/cloud-networking-platform/view-source-code-with-browser-on-organisation-user-or/m-p/5439513#M10026 <P>Hi,</P><P>When you browse to network-wide Administrator or User and you click the right mouse button and select view source.</P><P>You will see the password encrypted of the admin users. On the User page you also can find the PSA of the Wifi(plaintext).</P><P>I understand that they are encrypted but there is always some who can uncrypt the passwords.</P><P>Does anybody know why meraki show this information in the source code?</P><P>Regards,</P><P>Stefan</P> Tue, 02 Apr 2019 22:05:14 GMT https://community.cisco.com/t5/cloud-networking-platform/view-source-code-with-browser-on-organisation-user-or/m-p/5439513#M10026 StefanStout 2019-04-02T22:05:14Z https://community.cisco.com/t5/cloud-networking-platform/view-source-code-with-browser-on-organisation-user-or/m-p/5439514#M10027 <P>If you think you have found actual security issues you should report them via the Bug Bounty program. You can earn cash this way.</P><P><A href="https://bugcrowd.com/ciscomeraki" target="_self" rel="nofollow noopener noreferrer">https://bugcrowd.com/ciscomeraki</A></P><P>You can also email the Cisco PSIRT team.</P><P><A href="mailto:psirt@cisco.com" target="_blank" rel="nofollow noopener noreferrer">psirt@cisco.com</A></P><P>I've had a quick look at the pages. For the admin users, are you referring to the "secret" field? I don't know the format of this field. I'm going to guess it is a salted hash of some kind.</P><P>I can see the <SPAN>psk_passphrase field you refer to. It seems a funny place to have it on this page. Note you can retrieve this anyway from the Wireless/SSIDs.</SPAN></P><P><SPAN>I can't see any reason why it should be on this page - so you should report it to the Bug Bount program. I'm not sure you'll get a reward for this, since it is retrievable anyway, and I think it will get classified as minor.</SPAN></P> Tue, 02 Apr 2019 22:20:59 GMT https://community.cisco.com/t5/cloud-networking-platform/view-source-code-with-browser-on-organisation-user-or/m-p/5439514#M10027 Philip D'Ath 2019-04-02T22:20:59Z