Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Many Vulnerabilities Found in PrinterLogic Enterprise Software

Multiple vulnerabilities in PrinterLogic’s enterprise management printer solution could expose organizations to various types of attacks.

Vulnerabilities identified in PrinterLogic’s enterprise management printer solution could expose organizations to authentication bypass, SQL injection, cross-site scripting (XSS) and other types of attacks.

PrinterLogic’s platform allows organizations to manage all printers within their environments from a single console.

An analysis of the PrinterLogic SaaS platform and of the source code of the Virtual Appliance available on PrinterLogic’s website (Build 1.0.757) has revealed 18 vulnerabilities that could allow attackers to bypass authentication, inject code, and expose credentials, among others. The analysis was conducted by security researchers at Australian employment marketplace Seek.

One major issue the researchers discovered is that the platform is susceptible to an authentication bypass attack, allowing unauthenticated third-parties to access administrative scripts and modify the service’s configuration.

The bug exists because the application lacks a central framework for authentication and authorization handling. The individual PHP files need to implement the necessary checks instead, but, because some files lack these checks, unauthenticated access is possible via their direct URLs.

Another major problem the researchers have discovered is that the platform uses a flawed mechanism for preventing SQL injection, and that no input validation is present in some cases, which could lead to SQL injection.

The researchers also discovered multiple XSS flaws in the application, which could be exploited to hijack administrator accounts by leaking user session cookies. Furthermore, because the application does not issue a new session identifier after login, an attacker in possession of a session ID could use it to bypass authentication.

When logging in as admin, the URL contains the encoded password, which could be leaked via “referrer headers, browser history, server logs, proxy logs, URL shortening services,” and more, the researchers say.

Advertisement. Scroll to continue reading.

The application was also found to log requests that may contain passwords in plaintext and to store passwords using unsalted SHA1 hashing. When transmitting usernames and passwords, the application uses a double base64 encoding for obfuscation, but attackers can easily recover these credentials.

The researchers also discovered that no cross-site request forgery (CSRF) checks are enforced for most forms, that the application allows admins to manually upload printer drivers with known vulnerabilities or which have not been cryptographically signed with valid certificates, and that it lacks authorization checks.

Other identified issues include the enumeration of user emails via the forgot password function, the inclusion of an arbitrary URL in an iframe (leading to untrusted file downloads), the possibility to rename a host to impersonate another machine, OAuth authentication bypass, cookie values included in the page body, and the use of known vulnerable JavaScript libraries.

The researchers initiated the responsible disclosure process in February, but the vendor has yet to provide a patch time frame. The company did note that some issues impact legacy code and at least one flaw will not be patched. 

Related: PrinterLogic Patches Code Execution Flaws in Printer Management Suite

Related: Critical Vulnerability Impacts Over 120 Lexmark Printers

Related: Serious Vulnerability Exploited at Hacking Contest Impacts Over 200 HP Printers

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.