Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Many Vulnerabilities Found in PrinterLogic Enterprise Software

Multiple vulnerabilities in PrinterLogic’s enterprise management printer solution could expose organizations to various types of attacks.

Vulnerabilities identified in PrinterLogic’s enterprise management printer solution could expose organizations to authentication bypass, SQL injection, cross-site scripting (XSS) and other types of attacks.

PrinterLogic’s platform allows organizations to manage all printers within their environments from a single console.

An analysis of the PrinterLogic SaaS platform and of the source code of the Virtual Appliance available on PrinterLogic’s website (Build 1.0.757) has revealed 18 vulnerabilities that could allow attackers to bypass authentication, inject code, and expose credentials, among others. The analysis was conducted by security researchers at Australian employment marketplace Seek.

One major issue the researchers discovered is that the platform is susceptible to an authentication bypass attack, allowing unauthenticated third-parties to access administrative scripts and modify the service’s configuration.

The bug exists because the application lacks a central framework for authentication and authorization handling. The individual PHP files need to implement the necessary checks instead, but, because some files lack these checks, unauthenticated access is possible via their direct URLs.

Another major problem the researchers have discovered is that the platform uses a flawed mechanism for preventing SQL injection, and that no input validation is present in some cases, which could lead to SQL injection.

The researchers also discovered multiple XSS flaws in the application, which could be exploited to hijack administrator accounts by leaking user session cookies. Furthermore, because the application does not issue a new session identifier after login, an attacker in possession of a session ID could use it to bypass authentication.

When logging in as admin, the URL contains the encoded password, which could be leaked via “referrer headers, browser history, server logs, proxy logs, URL shortening services,” and more, the researchers say.

Advertisement. Scroll to continue reading.

The application was also found to log requests that may contain passwords in plaintext and to store passwords using unsalted SHA1 hashing. When transmitting usernames and passwords, the application uses a double base64 encoding for obfuscation, but attackers can easily recover these credentials.

The researchers also discovered that no cross-site request forgery (CSRF) checks are enforced for most forms, that the application allows admins to manually upload printer drivers with known vulnerabilities or which have not been cryptographically signed with valid certificates, and that it lacks authorization checks.

Other identified issues include the enumeration of user emails via the forgot password function, the inclusion of an arbitrary URL in an iframe (leading to untrusted file downloads), the possibility to rename a host to impersonate another machine, OAuth authentication bypass, cookie values included in the page body, and the use of known vulnerable JavaScript libraries.

The researchers initiated the responsible disclosure process in February, but the vendor has yet to provide a patch time frame. The company did note that some issues impact legacy code and at least one flaw will not be patched. 

Related: PrinterLogic Patches Code Execution Flaws in Printer Management Suite

Related: Critical Vulnerability Impacts Over 120 Lexmark Printers

Related: Serious Vulnerability Exploited at Hacking Contest Impacts Over 200 HP Printers

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how to utilize tools, controls, and design models needed to properly secure cloud environments.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

SaaS security company AppOmni has hired Joel Wallenstrom as its General Manager.

FTI Consulting has appointed Brett Callow as Managing Director in its Cybersecurity & Data Privacy Communications practice.

Mobile security firm Zimperium has welcomed David Natker as its VP of Global Partners and Alliances.

More People On The Move

Expert Insights