|
|
|
|
| |
| QMS, a major developer of printers of all kinds (which of course include network connectivity), sells a printer named QMS 2060 FX. This printer (and it is very possible that other printers from this manufacturer are vulnerable too) contains a serious security hole that enables remote users to take over the printer remotely and create total havoc. This threat can only be avoided by purchasing a special hardware (an addition to the printer). Naturally, this extra hardware costs money, and users that do not wish to spend that amount are left with unprotected printers. |
| |
Credit:
This vulnerability has been discovered by: Frank Bures.
|
| |
The QMS 2060FX network printer is guarded by a password file. When establishing a password file, everyone will be required to enter password to gain an access to the printer except for the root user. Anyone can log in as root with any password and consequently change or delete the password file altogether, change printer configuration, or anything the printer can do.
After lengthy investigation with the QMS customer support it became apparent that this it not a bug but a feature. In order to make the root password protected, one has to buy a "security key", which is a little DB-9 plug, which is plugged in the matching connector at the rear of the printer. Only then, a root password can be established (obviously, until then establishing a password file is totally meaningless).
|
|
|
|
|
|
|
|
|
|
