Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:18905
HistoryJan 20, 2008 - 12:00 a.m.

[CSNC] OKI C5510MFP Printer Password Disclosure

2008-01-2000:00:00
vulners.com
33
JSON

#############################################################

COMPASS SECURITY ADVISORY http://www.csnc.ch/

#############################################################

Product: OKI C5510MFP Printer

Vendor: OKI Printing Solutions

(http://www.okiprintingsolutions.com/)

Subject: Printer Reveals Password /

Password and the configuration can be altered without

authentication

Risk: High

Effect: Remotely exploitable

Author: Adrian Leuenberger (adrian.leuenberger (at) csnc (dot)

ch)

Date: 01/17/2008

#############################################################

Introduction:

The OKI C5510MFP printer offers a web interface for the configuration.
Certain pages require higher privileges for making changes. However, the
password required for accessing these pages is sent to the client in
clear text by the printer. Furthermore, the password can be set without
prior authentication. Consequently, the whole configuration can be
changed without knowing the password.

Vulnerable:

The tested model is an OKI C5510MFP (Printer CU Version: H2.15 / Printer
PU Version: 01.03.01 / System F/W Version: 1.01 / Web Page Version:
1.00). However, it is likely that other printers are affected as well.

Remediation:

Currenty, there is no workaround on the printer itself. A solution would
be to implement ACLs in the network infrastructure level / firewall and
block communication with ports that are not needed for printing.

Vulnerability Management:

09/26/2007: Vendor notified
10/04/2007: Vendor receipt
01/16/2008: According to our contact at OKI, the information will be
used for further development and there will be no patched firmware for
the affected printers.

Patches:

None

Description:

Basically, the vulnerability comes from a design flaw. There are two
methods for configuring the printer:

1) Via Browser
When requesting the webpage, a Java applet is downloaded and started.
The applet creates a connection to TCP port 5548 on the printer and
receives the configuration in clear text including the current
administration password.

2) Via OKIMFP Network Setup Tool
The client running on the PC creates a connection to TCP port 7777 and
receives the configuration in clear text including the current
administration password.

References:

http://www.csnc.ch/en/downloads/advisories.html

JSON