This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

WiFi Policy Password Exploit - Sophos Central Admin

Hello, 

We have a Wifi Policy setup through Sophos Central Admin as below, and we have a number of Admins/Sudo Admins that have various configuration permissions. I myself, as you can see, do not have access to change any of this information or view it in great detail.

However, what is concerning is, if I press the back button as shown, in either Chrome or Edge, I am prompted to 'save password' which then provides me the Wifi Password in plain text. How is it that the browsers are able to pull this information? 



This thread was automatically locked due to age.
Parents Reply Children
  • Essentially yes. I don't think I'm a full admin, I have a lot of permissions to view, but not to make changes. but yes, as you can see I have no options to view or change the Wi-Fi password and you can see in my original screenshot the SSID is EBF-Phones, however when I click the back button I'm presented with this box even though I never entered any information

    Then if I press the eye-icon on the right it allows me to see the full password in plain text. I imagine this can't be by design?