| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <201111071532.pA7FWlpY002161@sf01web1.securityfocus.com> Date: Mon, 7 Nov 2011 15:32:47 GMT From: percx@...fus.net To: bugtraq@...urityfocus.com Subject: foofus.net security advisory - Lexmark Multifunction Printer Information Leakage ============================================================================ Foofus.net Security Advisory: foofus-20111107 ============================================================================ Title: Lexmark Multifunction Printer Information exposure Version: X656de Vendor: Lexmark Release Date: 08/05/2011 ============================================================================ 1. Summary: Lexmark multifunction printer device found to be vulnerable to an information leakage vulnerability. ============================================================================ 2. Description: Passwords can be extracted in plan text from the settings export file. http://hostname-IP_Address/cgi-bin/exportfile/printer/config/secure/settingfile.ucf ============================================================================ 3. Impact: Exploiting this allows an adversary to extract passwords that can be used to gain access to other critical systems. ============================================================================ 4. Affected Products: Lexmark X656de multifunction printer (Kernel=FPR.APS.F184-0, Base=LR.MN.P224a-0) Other Lexmark and Dell branded Multifunction printers may also be vulnerable ============================================================================ 5. Solution: Insure that a complex password is set on printer. ============================================================================ 6) Time Table: 08/05/2011 Vulnerability Disclosed. 11/07/2011 Publishes Advisory ============================================================================ 7) Credits: Discovered by Deral Heiland PercX ============================================================================ 8. Reference: http://www.foofus.net/?page_id=483 http://www.foofus.net http://praeda.foofus.net ============================================================================ The Foofus.Net team is an assortment of security professionals located through out the United States. http://www.foofus.net Follow percX on Twitter @Percent_X ============================================================================
Powered by blists - more mailing lists