Reply
Contributor
absurdist
Posts: 6
Registered: ‎02-11-2011
Accepted Solution

Password revealed in android system log

I have the android Xfinity app installed.  I have found my username and password exposed in plain text in the android system log. That log should not contain sensitive information, and this is a serious security issue.

Connection Expert
JamesR
Posts: 6,427
Registered: ‎09-29-2007

Re: Password revealed in android system log

What version of android are you running? What platform are you running android on?
What app are you using to look at the system log with and where are you finding it?
Connection Expert
JamesR
Posts: 6,427
Registered: ‎09-29-2007

Re: Password revealed in android system log

[ Edited ]

I have escalated this issue to the Forum Administrator for investigation.

 

Connection Expert
JamesR
Posts: 6,427
Registered: ‎09-29-2007

Re: Password revealed in android system log

Using Astro, I was able to find a log in /sustem/bin  but was unable to open and read the log.

Is that the log you are speaking of?

What Tool are you using to read the log and searcch for the Password?

Contributor
absurdist
Posts: 6
Registered: ‎02-11-2011

Re: Password revealed in android system log

I read the log using aLogcat (app available in the market).  Open aLogcat, press menu and filter for "password".

 

My log shows <userName>MYUSERNAME@comcast.net</userName> and <password>MYPASSWORD</password> on a line that starts with "D/HTTPManager".  After I clear my log (using aLogcat) that line reappears even when I haven't used the xfinity appI don't use my comcast credentials in any other app.

 

I have a Motorola Droid running Android 2.2.

 

Thank you for looking into this.

Connection Expert
JamesR
Posts: 6,427
Registered: ‎09-29-2007

Re: Password revealed in android system log

[ Edited ]

Sorry for the blank post.  Droid sometimes is smarter than I am.:smileysad:

Can you get rid of it by clearing cache on your Droid?

If so, then when you log in, don/t check "RememberMe"

We will rattle the cages one more tie to see if there is a way to store it encrypted.

Networking Expert
kevj
Posts: 4,837
Registered: ‎10-03-2003

Re: Password revealed in android system log

[ Edited ]

I've confirmed this on my Captivate (Android 2.1).

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I don't work for Comcast...


Help us to help you!!
- respond to requests for info
- post back if your issue is resolved
- mark appropriate posts as solutions


Send feedback to Comcast using the 'feedback' link on this page:
http://www.comcast.com/Corporate/Customers/CustomerGuarantee.html?SCRedirect=true

Official Employee
ComcastKchahal
Posts: 1,748
Registered: ‎05-21-2009

Re: Password revealed in android system log

[ Edited ]

We are looking into this and investigating and there is an update coming out soon(within a week or two) which shall address this issue for sure.

 

Kchahal

Contributor
absurdist
Posts: 6
Registered: ‎02-11-2011

Re: Password revealed in android system log

I cleared data and cache for the Xfinity app, then cleared the system log in aLogcat, and restarted the phone for good measure.  I opened the Xfinity app, logged in without checking "remember me" and unfortunately my username and password immediately reappeared in the system log.

Connection Expert
JamesR
Posts: 6,427
Registered: ‎09-29-2007

Re: Password revealed in android system log


absurdist wrote:

I cleared data and cache for the Xfinity app, then cleared the system log in aLogcat, and restarted the phone for good measure.  I opened the Xfinity app, logged in without checking "remember me" and unfortunately my username and password immediately reappeared in the system log.


go into men/setttings and clear the form data and turn off saving of passwords

Contributor
absurdist
Posts: 6
Registered: ‎02-11-2011

Re: Password revealed in android system log

I don't see those option in the Xfinity app.  Do you mean in the browser?  I don't save passwords in my browser.

Connection Expert
JamesR
Posts: 6,427
Registered: ‎09-29-2007

Re: Password revealed in android system log

Cap on browser Tap on more, cap on settings and scroll down to where you can uncheck save password and do a clear cache
Contributor
absurdist
Posts: 6
Registered: ‎02-11-2011

Re: Password revealed in android system log

"Remember Passwords" was already unchecked in my browser.  I cleared my browser cache and form fields, but that doesn't remove my credentials from the system log.  I can clear the system log using aLogcat, but my credentials reappear if I log back into the Xfinity Mobile app.

Official Employee
ComcastKchahal
Posts: 1,748
Registered: ‎05-21-2009

Re: Password revealed in android system log

absurdist - download the new 2.0.2 update and see if you are still seeing the old behaviour? 

 

New Visitor
jasonbrneid4
Posts: 1
Registered: ‎02-19-2011

Re: Password revealed in android system log

Passwords are not showing up for me in the system log Now.

 

updated the new version in my Droid X.

 

Contributor
absurdist
Posts: 6
Registered: ‎02-11-2011

Re: Password revealed in android system log

I downloaded the updated app and cleared data in Settings.  My credentials are no longer showing up in the log.  Thanks for the quick fix.  :smileyhappy:

Connection Expert
JamesR
Posts: 6,427
Registered: ‎09-29-2007

Re: Password revealed in android system log

Glad you worked it out,

New Visitor
WhatsACubit
Posts: 2
Registered: ‎03-03-2011

Re: Password revealed in android system log

Is this fix the reason why now I have to log in every time I use the app, even if I have the box checked to remember me? It's pretty awful having to log in every single time, and thus don't get alerts, and the widget doesn't get updated.

Official Employee
ComcastKchahal
Posts: 1,748
Registered: ‎05-21-2009

Re: Password revealed in android system log

No. This is fix has nothing do with the issue you mentioned.

That is a seperate known issue that some users have reported. We are working on a fix and it will be included in the next update that is due sometime this month. We suspect that is also happening due to an upgrade scenario. Can you unistall the application, and install a fresh one and see it it still does not remember your login?

 

Thanks,

Kchahal