lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Sun, 16 Oct 2011 15:17:32 -0700 (PDT)
From: dh@...ereddefense.com
To: full-disclosure@...ts.grok.org.uk
Subject: foofus.net security advisory - Toshiba EStudio
	Multifunction Printer Authentication Bypass

============================================================================
Foofus.net Security Advisory: foofus-20111016
============================================================================
Title:		Toshiba EStudio Multifunction Printer Authentication Bypass
Version:	e-Studio series devices
Vendor:		Toshiba 
Release Date:	01/29/2010
Issue Status:	Contacted by Vendor on 2/25/2011 about release of a firmware patch.
============================================================================

1. Summary:

Toshiba e-Studio devices found to be vulnerable to an authentication bypass 
vulnerability.  

============================================================================

2. Description:

The authentication is easily bypassed by adding a extra / in the URL after 
TopAccess.

Example:
http://IP Address/TopAccess//Administrator/Setup/ScanToFile/List.htm

============================================================================

3. Impact:

Exploiting this allows an adversary to gain access to the device via the web 
management interface without authenticating.

============================================================================

4. Affected Products:

All e-Studio devices tested against have been found to be vulnerable as of 
July 2011. 

Validation of specific firmware versions have not been conducted. 
This is due to limited access to devices

Note: It is possible devices with latest release of firmware may 
not be vulnerable. These have not been tested.

============================================================================

5. Solution:

   Contact vendor and request firmware upgrade to patch security issue.

============================================================================

6) Time Table:

01/29/2011 Reported Vulnerability. 

02/25/2011 Vendor acknowledged issue and stated firmware patch would soon 
           be available 

March - July 2011 continued attempts to contact vendor to confirm firmware 
                  patch. Request were never answered.
10/16/2011 Publishes Advisory

============================================================================

7) Credits: Discovered by Deral Heiland PercX 

============================================================================

8. Reference:
   http://praeda.foofus.net
   http://www.foofus.net/?page_id=411


============================================================================
 
The Foofus.Net team is an assortment of security professionals located 
through out the United States. http://www.foofus.net

Follow percX on Twitter @Percent_X

============================================================================

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ