TUCoPS :: Network Appliances :: prt5568.htm

HP Network-Enable Printers (JetDirect) leaks http/telnet passwords via snmp
29th Jul 2002 [SBWID-5568]
COMMAND

	HP Network-Enable Printers (JetDirect) leaks http/telnet  passwords  via
	snmp

SYSTEMS AFFECTED

	HP JetDirect release up till now ? (29 July 2002)

PROBLEM

	In FX [fx@phenoelit.de] and kim0 [kim0@phenoelit.de] of Phenoelit  Group
	[http://www.phenoelit.de]                                       advisroy
	[http://www.phenoelit.de/stuff/HP_snmp.txt] :
	

	SNMP  variable  accessible  by  SNMP  READ  exposes  HTTP   and   TELNET
	administrative access password in HEX
	

	.iso.3.6.1.4.1.11.2.3.9.4.2.1.3.9.1.1.0

	

	An SNMP read request to this variable will  return  a  HEX  string  such
	as	0x01 0X15  0x41  0X41,  where  the  numbers  after  the  second  byte
	represent the password in ASCII (in this case, the password is 'AA').
	

	[ Example ]
	

	linux# snmpget <printer_ip> public .iso.3.6.1.4.1.11.2.3.9.4.2.1.3.9.1.1.0

	

SOLUTION

	None yet

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH