Date: Fri, 28 Mar 2014 18:26:35 -0400
From: Matt Andreko <>
To: Taylor Hornby <>,
Subject: Re: [FD] Canon Printer Exposes WiFi Password

I found the same issue and more (even a DoS) in the Canon web UI:

Unfortunately, Canon's response seems less than impressive. They apparently
don't really care as long as the product sells. Their response is pretty
much, "Nobody would be stupid enough to put it on a public IP", yet there
are hundreds on ShodanHQ. I saw some for big universities' libraries.
Imagine the fun a bad guy could have DoSing the printer during finals week.

I was trying to reverse the firmware, to find more bugs, but didn't have a
lot of luck, as that's not really my thing. However, I'm guessing someone
who does it regularly could have a heyday.

On Fri, Mar 28, 2014 at 5:20 PM, Taylor Hornby <> wrote:

> Affects: Canon PIXMA MX722 Printer (and probably other Canon printers).
> After typing my WPA2 WiFi password into the printer (through the
> built-in hardware keypad), it exposes the cleartext password to the LAN
> through an admin page that isn't password protected:
> You can enable password protection of that page, but:
> 1) There is no password protection by default. It silently exposes your
>    password, and you'll never know unless you go looking for it.
> 2) There's no need to embed the actual password in the HTML form anyway.
>    They could have used placeholder text instead of the real password.
> Regards,
> --
> Taylor Hornby
> _______________________________________________
> Sent through the Full Disclosure mailing list
> Web Archives & RSS:

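The exposure described in the thread (a real WPA2 passphrase pre-filled into the `value` attribute of an admin form field, where a placeholder would have done) can be checked for on any LAN device's admin page once you have the HTML. The following is an added example, not code from either poster and not Canon's actual web UI markup: the two sample pages, the field names `ssid` and `wpa_psk`, and the name hints used to spot secret fields are all constructed for the illustration.

```python
"""Detect admin pages that pre-fill a secret (such as a WPA2 passphrase) into
an HTML form, as described in the thread above.

The two pages at the bottom are constructed for this example; they are not
the real markup of any Canon printer.
"""
from html.parser import HTMLParser

# Substrings that suggest an input holds a wireless key or password.
# This list is an assumption for the example, not derived from any firmware.
SECRET_NAME_HINTS = ("pass", "psk", "key", "phrase", "secret")


class _InputCollector(HTMLParser):
    """Collects the attributes of every <input> tag in the page."""

    def __init__(self):
        super().__init__()
        self.inputs = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases the tag name; attribute values may be None
        # for bare attributes such as <input disabled>.
        if tag == "input":
            self.inputs.append({k.lower(): (v or "") for k, v in attrs})


def _is_mask(value):
    """True for values like '********' that only hide the real secret."""
    return value != "" and value.strip("*") == ""


def find_prefilled_secrets(html):
    """Return [(name, value)] for inputs that carry a real secret in `value`.

    A field counts as secret-bearing if its type is "password" or its name
    contains one of SECRET_NAME_HINTS.  A `placeholder` attribute is never an
    exposure: the browser shows it but never sends it and it reveals nothing.
    Only a non-empty, non-masked `value` is reported.
    """
    parser = _InputCollector()
    parser.feed(html)
    hits = []
    for inp in parser.inputs:
        name = inp.get("name", "")
        looks_secret = (
            inp.get("type", "").lower() == "password"
            or any(h in name.lower() for h in SECRET_NAME_HINTS)
        )
        value = inp.get("value", "")
        if looks_secret and value and not _is_mask(value):
            hits.append((name, value))
    return hits


# Constructed sample: the pattern the thread complains about.  The cleartext
# passphrase is shipped to every LAN client that can reach the page.
VULNERABLE_PAGE = """
<form method="post" action="/wireless">
  <input type="text" name="ssid" value="library-wifi">
  <input type="text" name="wpa_psk" value="correct horse battery staple">
  <input type="submit" value="Apply">
</form>
"""

# Constructed sample: same form, but the secret field is left empty and a
# placeholder tells the user the stored value is kept unless they type a new
# one.  Nothing secret appears in the HTML.
HARDENED_PAGE = """
<form method="post" action="/wireless">
  <input type="text" name="ssid" value="library-wifi">
  <input type="password" name="wpa_psk" value="" placeholder="(unchanged)">
  <input type="submit" value="Apply">
</form>
"""


if __name__ == "__main__":
    for label, page in (("vulnerable", VULNERABLE_PAGE), ("hardened", HARDENED_PAGE)):
        print(label, find_prefilled_secrets(page))
```

To use this against a real device you would fetch the admin page yourself (for example with `urllib.request` on the LAN address) and pass the body to `find_prefilled_secrets`; the check deliberately ignores `placeholder` text, which is exactly the fix the original post asks for, and treats an all-asterisk `value` as a mask rather than a leak.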