Welcome to Comcast Help & Support Forums
Find solutions, share knowledge, and get answers from customers and experts

New to the Community? Start here.

5,762,152

members

71

online now

1,917,955

discussions

Back to Top

Obsolete key exchange and ciphers

Frequent Visitor

Obsolete key exchange and ciphers

Nice to see that Comcast is real concerned about security.

 

Found out from Chrome, that https://connect.xfinity.com/appsuite is using:

 

1) an obsolete key exchange (RSA)

2) an obsolete cipher (AES_256_CBC with HMAC-SHA1)

 

Initial research on the Internet, old computer science textbooks and some authorative literature - it appears these 2 parts of Comcast's security put a user's password of being cracked as it is transmitted over the network.  Independent of anyone "breaking into" the Comcast server.

 

 

Comcast_Details_Screenshot.jpg