Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Message-Id: <19991118171450.26796.qmail@zash.lupine.org>
Date: Thu, 18 Nov 1999 09:14:50 -0800
Reply-To: elfchief@LUPINE.ORG
From: elfchief@LUPINE.ORG
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.BSI.4.05L.9911171602000.25730-100000@maxx.mc.net> from Blake Frantz at "Nov 17, 1999 04:43:35 pm"

> Here are a couple more problems with the Tektronix webserver services:

And one more:

Even in absence of any sort of password- (or password hash-) acquiring attack, it's still possible to use up all of someone's consumables without a password at all -- No trickery required!

[Keep in mind that a toner set for a 780 is ~ $600]

The "configure settings" page (http://printer/button_config.html) has a drop-down menu that allows you to print a number of different pages (test pages, color samples, startup page). This menu, and the functions it performs, do not require a password of any sort. Go to the page, select "CMYK Sampler Prints", click the button, and sit back while 32 pages of toner and paper go away.

[I reported this to Tektronix more than 6 months ago, at the same time I reported a printer-crashing bug. They fell all over themselves to fix the crashing bug (with some of the best support I'd ever gotten ... good job!), but seemed truly uninterested in stopping random people from being able to consume one's toner.]

Me, I just firewall my damned printer.

-WW