I’ve just discovered you can fetch the wifi password you used to login to your wifi router as an unprivileged user. Tested it, it works (on Linux at least).
I can put that code in an otherwise “legit” app, nick your password and send it back to me, all as an unprivileged user.
Am I misunderstanding something here, or is that a massive security issue? Appreciate I don’t know where “you” live, but what if I ask for name/address as part of a CRM, for example? I could then sell that data to bad people in your local area.
I guess the router firmware is not updated
It gets it from the PC rather than the router itself.
Wow, that seems to be a hot topic among Linux enthusiasts, ranging from those who claim “Those passwords can’t be seen unless you’re root” to the other extreme.
The problem should exist in any OS that remembers wifi passwords (to the extent that the passwords must be retained as plain text).
I’d think that web apps would be sufficiently sandboxed to not allow access to the relevant files.
Web apps for sure, but native ones would have access. The article I saw showed windows & linux techniques.