GHDB « Hackers For Charity

GHDB

GHDB

Google Search: intitle:"View and Configure PhaserLink"

deadlink rates this entry 6 out of 10.
Submitted: 2004-07-08 16:33:34
Added by: deadlink
Hits: 3743
Score: 6

These printer's configuration is wide open. Attackers can change just about any value through this control panel. Take it from FX, printers can be dangerous too! Besides, a POP3 server, username and password can be entered into these things! =)


Comments:

2004-07-15 14:38:43 (Lord_Doskias): only about 4 and need a pass to change settings

2004-07-17 05:20:07 (murfie): That's still 4 too many though..

About the passwords, there may be a default pair (check the userguides for that, i don't know) or they may be brute forced by an attacker.

alternate search 1 -> inurl:"netconfig_plprint.html"
alternate search 1 -> inurl:"printer_discovery.html"

Phaser™ 840 Printer Support
http://www.office.xerox.com/perl-bin/product.pl?product=Z840&page=sprt#_manuals_and_documentation_
says there are no default passwords for the 840 model..

5. Enter the URL that you have set up for the PhaserLink Help home
page. If you have configured PhaserLink to require a password, enter
it into the Password field. Then click Do/Apply.

N O T E
PhaserLink passwords are not encrypted.