Welcome to Comcast Help & Support Forums
You can contribute an answer or post a question.
Reply
Posted by
Contributor
Member Since: ‎02-11-2011
Posts: 6
Accepted Solution

Password revealed in android system log

I have the android Xfinity app installed.  I have found my username and password exposed in plain text in the android system log. That log should not contain sensitive information, and this is a serious security issue.

Posted by
Connection Expert
Member Since: ‎09-29-2007
Posts: 6,438

Re: Password revealed in android system log

What version of android are you running? What platform are you running android on?
What app are you using to look at the system log with and where are you finding it?
Posted by
Connection Expert
Member Since: ‎09-29-2007
Posts: 6,438

Re: Password revealed in android system log

[ Edited ]

I have escalated this issue to the Forum Administrator for investigation.

 

Posted by
Connection Expert
Member Since: ‎09-29-2007
Posts: 6,438

Re: Password revealed in android system log

Using Astro, I was able to find a log in /sustem/bin  but was unable to open and read the log.

Is that the log you are speaking of?

What Tool are you using to read the log and searcch for the Password?

Posted by
Contributor
Member Since: ‎02-11-2011
Posts: 6

Re: Password revealed in android system log

I read the log using aLogcat (app available in the market).  Open aLogcat, press menu and filter for "password".

 

My log shows <userName>MYUSERNAME@comcast.net</userName> and <password>MYPASSWORD</password> on a line that starts with "D/HTTPManager".  After I clear my log (using aLogcat) that line reappears even when I haven't used the xfinity appI don't use my comcast credentials in any other app.

 

I have a Motorola Droid running Android 2.2.

 

Thank you for looking into this.

Posted by
Connection Expert
Member Since: ‎09-29-2007
Posts: 6,438

Re: Password revealed in android system log

[ Edited ]

Sorry for the blank post.  Droid sometimes is smarter than I am.Smiley Sad

Can you get rid of it by clearing cache on your Droid?

If so, then when you log in, don/t check "RememberMe"

We will rattle the cages one more tie to see if there is a way to store it encrypted.

Posted by
Networking Expert
Member Since: ‎10-03-2003
Posts: 5,212

Re: Password revealed in android system log

[ Edited ]

I've confirmed this on my Captivate (Android 2.1).

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I don't work for Comcast...


Help us to help you!!
- respond to requests for info
- post back if your issue is resolved
- mark appropriate posts as solutions


Send feedback to Comcast using the 'feedback' link on this page:
http://www.comcast.com/Corporate/Customers/CustomerGuarantee.html?SCRedirect=true

Posted by
Official Employee
Member Since: ‎05-21-2009
Posts: 1,748

Re: Password revealed in android system log

[ Edited ]

We are looking into this and investigating and there is an update coming out soon(within a week or two) which shall address this issue for sure.

 

Kchahal

Posted by
Contributor
Member Since: ‎02-11-2011
Posts: 6

Re: Password revealed in android system log

I cleared data and cache for the Xfinity app, then cleared the system log in aLogcat, and restarted the phone for good measure.  I opened the Xfinity app, logged in without checking "remember me" and unfortunately my username and password immediately reappeared in the system log.

Posted by
Connection Expert
Member Since: ‎09-29-2007
Posts: 6,438

Re: Password revealed in android system log


absurdist wrote:

I cleared data and cache for the Xfinity app, then cleared the system log in aLogcat, and restarted the phone for good measure.  I opened the Xfinity app, logged in without checking "remember me" and unfortunately my username and password immediately reappeared in the system log.


go into men/setttings and clear the form data and turn off saving of passwords

Posted by
Contributor
Member Since: ‎02-11-2011
Posts: 6

Re: Password revealed in android system log

I don't see those option in the Xfinity app.  Do you mean in the browser?  I don't save passwords in my browser.

Posted by
Connection Expert
Member Since: ‎09-29-2007
Posts: 6,438

Re: Password revealed in android system log

Cap on browser Tap on more, cap on settings and scroll down to where you can uncheck save password and do a clear cache
Posted by
Contributor
Member Since: ‎02-11-2011
Posts: 6

Re: Password revealed in android system log

"Remember Passwords" was already unchecked in my browser.  I cleared my browser cache and form fields, but that doesn't remove my credentials from the system log.  I can clear the system log using aLogcat, but my credentials reappear if I log back into the Xfinity Mobile app.

Posted by
Official Employee
Member Since: ‎05-21-2009
Posts: 1,748

Re: Password revealed in android system log

absurdist - download the new 2.0.2 update and see if you are still seeing the old behaviour? 

 

Posted by
New Visitor
Member Since: ‎02-19-2011
Posts: 1

Re: Password revealed in android system log

Passwords are not showing up for me in the system log Now.

 

updated the new version in my Droid X.

 

Posted by
Contributor
Member Since: ‎02-11-2011
Posts: 6

Re: Password revealed in android system log

I downloaded the updated app and cleared data in Settings.  My credentials are no longer showing up in the log.  Thanks for the quick fix.  Smiley Happy

Posted by
Connection Expert
Member Since: ‎09-29-2007
Posts: 6,438

Re: Password revealed in android system log

Glad you worked it out,

Posted by
New Visitor
Member Since: ‎03-03-2011
Posts: 2

Re: Password revealed in android system log

Is this fix the reason why now I have to log in every time I use the app, even if I have the box checked to remember me? It's pretty awful having to log in every single time, and thus don't get alerts, and the widget doesn't get updated.

Posted by
Official Employee
Member Since: ‎05-21-2009
Posts: 1,748

Re: Password revealed in android system log

No. This is fix has nothing do with the issue you mentioned.

That is a seperate known issue that some users have reported. We are working on a fix and it will be included in the next update that is due sometime this month. We suspect that is also happening due to an upgrade scenario. Can you unistall the application, and install a fresh one and see it it still does not remember your login?

 

Thanks,

Kchahal

Advanced
You must be signed in to add attachments