Welcome to Comcast Help & Support Forums
Find solutions, share knowledge, and get answers from customers and experts

New to the Community? Start here.

5,429,839

members

13

online now

1,657,955

discussions

Password revealed in android system log

SOLVED
Posted by
Visitor
Member Since: ‎02-11-2011
Posts: 6
Message 1 of 19 (2,193 Views)

Password revealed in android system log

I have the android Xfinity app installed.  I have found my username and password exposed in plain text in the android system log. That log should not contain sensitive information, and this is a serious security issue.

1 ACCEPTED SOLUTION
Posted by
Problem Solver

Member Since: ‎05-21-2009
Posts: 1,748
Message 14 of 19 (1,840 Views)

Re: Password revealed in android system log

absurdist - download the new 2.0.2 update and see if you are still seeing the old behaviour? 

 

18 REPLIES
Posted by
Connection Expert

Member Since: ‎09-29-2007
Posts: 6,440
Message 2 of 19 (2,180 Views)

Re: Password revealed in android system log

What version of android are you running? What platform are you running android on?
What app are you using to look at the system log with and where are you finding it?
Posted by
Edited on
‎02-12-2011 04:55 PM

Connection Expert

Member Since: ‎09-29-2007
Posts: 6,440
Message 3 of 19 (2,173 Views)

Re: Password revealed in android system log

[ Edited ]

I have escalated this issue to the Forum Administrator for investigation.

 

Posted by
Connection Expert

Member Since: ‎09-29-2007
Posts: 6,440
Message 4 of 19 (2,169 Views)

Re: Password revealed in android system log

Using Astro, I was able to find a log in /sustem/bin  but was unable to open and read the log.

Is that the log you are speaking of?

What Tool are you using to read the log and searcch for the Password?

Posted by
Visitor
Member Since: ‎02-11-2011
Posts: 6
Message 5 of 19 (2,146 Views)

Re: Password revealed in android system log

I read the log using aLogcat (app available in the market).  Open aLogcat, press menu and filter for "password".

 

My log shows <userName>MYUSERNAME@comcast.net</userName> and <password>MYPASSWORD</password> on a line that starts with "D/HTTPManager".  After I clear my log (using aLogcat) that line reappears even when I haven't used the xfinity appI don't use my comcast credentials in any other app.

 

I have a Motorola Droid running Android 2.2.

 

Thank you for looking into this.

Posted by
Edited on
‎02-14-2011 10:54 AM

Connection Expert

Member Since: ‎09-29-2007
Posts: 6,440
Message 6 of 19 (2,128 Views)

Re: Password revealed in android system log

[ Edited ]

Sorry for the blank post.  Droid sometimes is smarter than I am.Smiley Sad

Can you get rid of it by clearing cache on your Droid?

If so, then when you log in, don/t check "RememberMe"

We will rattle the cages one more tie to see if there is a way to store it encrypted.

Posted by
Edited on
‎02-14-2011 10:24 AM

Networking Expert

Member Since: ‎10-03-2003
Posts: 5,378
Message 7 of 19 (2,124 Views)

Re: Password revealed in android system log

[ Edited ]

I've confirmed this on my Captivate (Android 2.1).

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I don't work for Comcast...


Help us to help you!!
- respond to requests for info
- post back if your issue is resolved
- mark appropriate posts as solutions
Posted by
Edited on
‎02-14-2011 01:06 PM

Problem Solver

Member Since: ‎05-21-2009
Posts: 1,748
Message 8 of 19 (2,113 Views)

Re: Password revealed in android system log

[ Edited ]

We are looking into this and investigating and there is an update coming out soon(within a week or two) which shall address this issue for sure.

 

Kchahal

Posted by
Visitor
Member Since: ‎02-11-2011
Posts: 6
Message 9 of 19 (2,107 Views)

Re: Password revealed in android system log

I cleared data and cache for the Xfinity app, then cleared the system log in aLogcat, and restarted the phone for good measure.  I opened the Xfinity app, logged in without checking "remember me" and unfortunately my username and password immediately reappeared in the system log.

Posted by
Connection Expert

Member Since: ‎09-29-2007
Posts: 6,440
Message 10 of 19 (2,072 Views)

Re: Password revealed in android system log


absurdist wrote:

I cleared data and cache for the Xfinity app, then cleared the system log in aLogcat, and restarted the phone for good measure.  I opened the Xfinity app, logged in without checking "remember me" and unfortunately my username and password immediately reappeared in the system log.


go into men/setttings and clear the form data and turn off saving of passwords

Posted by
Visitor
Member Since: ‎02-11-2011
Posts: 6
Message 11 of 19 (2,065 Views)

Re: Password revealed in android system log

I don't see those option in the Xfinity app.  Do you mean in the browser?  I don't save passwords in my browser.

Posted by
Connection Expert

Member Since: ‎09-29-2007
Posts: 6,440
Message 12 of 19 (2,049 Views)

Re: Password revealed in android system log

Cap on browser Tap on more, cap on settings and scroll down to where you can uncheck save password and do a clear cache
Posted by
Visitor
Member Since: ‎02-11-2011
Posts: 6
Message 13 of 19 (2,023 Views)

Re: Password revealed in android system log

"Remember Passwords" was already unchecked in my browser.  I cleared my browser cache and form fields, but that doesn't remove my credentials from the system log.  I can clear the system log using aLogcat, but my credentials reappear if I log back into the Xfinity Mobile app.

Posted by
Problem Solver

Member Since: ‎05-21-2009
Posts: 1,748
Message 14 of 19 (1,841 Views)

Re: Password revealed in android system log

absurdist - download the new 2.0.2 update and see if you are still seeing the old behaviour? 

 

Posted by
Visitor
  • The Community would like to Welcome you!

Member Since: ‎02-19-2011
Posts: 1
Message 15 of 19 (1,728 Views)

Re: Password revealed in android system log

Passwords are not showing up for me in the system log Now.

 

updated the new version in my Droid X.

 

Posted by
Visitor
Member Since: ‎02-11-2011
Posts: 6
Message 16 of 19 (1,688 Views)

Re: Password revealed in android system log

I downloaded the updated app and cleared data in Settings.  My credentials are no longer showing up in the log.  Thanks for the quick fix.  Smiley Happy

Posted by
Connection Expert

Member Since: ‎09-29-2007
Posts: 6,440
Message 17 of 19 (1,681 Views)

Re: Password revealed in android system log

Glad you worked it out,

Posted by
Visitor
  • The Community would like to Welcome you!

Member Since: ‎03-03-2011
Posts: 2
Message 18 of 19 (1,362 Views)

Re: Password revealed in android system log

Is this fix the reason why now I have to log in every time I use the app, even if I have the box checked to remember me? It's pretty awful having to log in every single time, and thus don't get alerts, and the widget doesn't get updated.

Posted by
Problem Solver

Member Since: ‎05-21-2009
Posts: 1,748
Message 19 of 19 (1,353 Views)

Re: Password revealed in android system log

No. This is fix has nothing do with the issue you mentioned.

That is a seperate known issue that some users have reported. We are working on a fix and it will be included in the next update that is due sometime this month. We suspect that is also happening due to an upgrade scenario. Can you unistall the application, and install a fresh one and see it it still does not remember your login?

 

Thanks,

Kchahal