
View Source code with browser on organisation user or administrator page.

StefanStout
Community Member

Hi,

When you browse to network-wide Administrator or User, click the right mouse button and select view source, you will see the encrypted passwords of the admin users. On the User page you can also find the PSA of the Wifi (plaintext).

I understand that they are encrypted, but there is always someone who can decrypt the passwords.

Does anybody know why Meraki shows this information in the source code?

Regards,

Stefan

1 Reply 1

Philip D'Ath
Meraki Community All-Star

If you think you have found actual security issues you should report them via the Bug Bounty program. You can earn cash this way.

https://bugcrowd.com/ciscomeraki

You can also email the Cisco PSIRT team.

psirt@cisco.com

I've had a quick look at the pages. For the admin users, are you referring to the "secret" field? I don't know the format of this field. I'm going to guess it is a salted hash of some kind.

I can see the psk_passphrase field you refer to. It seems a funny place to have it on this page. Note you can retrieve this anyway from the Wireless/SSIDs.

I can't see any reason why it should be on this page - so you should report it to the Bug Bounty program. I'm not sure you'll get a reward for this, since it is retrievable anyway, and I think it will get classified as minor.
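For developers who want to check their own server-rendered pages for the kind of exposure discussed in this thread, here is an added example (not from the thread and not Meraki code) that audits saved page source for the two field names mentioned above. It assumes the data is embedded as JSON inside `<script type="application/json">` blocks; the sample page and all names other than `secret` and `psk_passphrase` are constructed.

```javascript
// Field names come from the thread; everything else here is constructed.
const SENSITIVE_KEYS = new Set(["secret", "psk_passphrase"]);

// Parse the body of every <script type="application/json"> block
// (assumed embedding style, not confirmed by the thread).
function extractJsonBlocks(html) {
  const re = /<script\b[^>]*type=["']application\/json["'][^>]*>([\s\S]*?)<\/script>/gi;
  const blocks = [];
  let m;
  while ((m = re.exec(html)) !== null) {
    try {
      blocks.push(JSON.parse(m[1]));
    } catch (e) {
      // Not valid JSON: skip the block rather than abort the audit.
    }
  }
  return blocks;
}

// Walk a parsed value and record the path of each sensitive key.
// Values are never echoed into the report; only their length is kept.
function findSensitive(value, path = "$", hits = []) {
  if (Array.isArray(value)) {
    value.forEach((v, i) => findSensitive(v, `${path}[${i}]`, hits));
  } else if (value !== null && typeof value === "object") {
    for (const [k, v] of Object.entries(value)) {
      const child = `${path}.${k}`;
      if (SENSITIVE_KEYS.has(k.toLowerCase()) && v !== null && v !== "") {
        hits.push({ path: child, length: String(v).length });
      }
      findSensitive(v, child, hits);
    }
  }
  return hits;
}

function auditPageSource(html) {
  return extractJsonBlocks(html).flatMap((b) => findSensitive(b));
}

// Constructed sample page, not real dashboard output.
const SAMPLE_HTML = `
<html><body>
<script type="application/json">{"admins":[{"name":"alice","secret":"PLACEHOLDER-HASH"}]}</script>
<script type="application/json">{"ssids":[{"name":"guest","psk_passphrase":"example-passphrase"}]}</script>
<script type="application/json">{broken</script>
</body></html>`;

console.log(auditPageSource(SAMPLE_HTML));
```

Any hit on a page that has no need to display that field is a candidate for removal from the server's response, whether or not the value is hashed.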