Full Disclosure mailing list archives
Re: HP Photosmart vulnerabilities
From: "Mo.Ron Hubbard" <securentology () gmail com>
Date: Fri, 28 Dec 2007 11:00:12 -0500
It is actually scary that someone would not know that a disposable consumer product has some issues. Spoon feed much? I guess on your planet perfection is expected at a very low price tag. I am pretty sure that most if not all network devices default with these same silly plug "N" play regardless of its price tag: public , private, tomato, tomatoe woo hoo, I have to rtfm again. The development folks on my world are always leaving the defaults for the users to change why because its cheaper to mass produce and test. Mo.Ron Hubbard Chief Inquisitor Securentology On 12/28/07, uncleron () hushmail com <uncleron () hushmail com> wrote:
HP Photosmart C6280 (and probably other) network printers ship with insecure default settings. The printer ships with SNMP enabled using the default community strings for both public and private. HP does not document the use of SNMP, or provide a way for users to change the default community strings. The printer also includes a web based admin tool which runs over http, without even an option for ssl. Several attempts to contact HP have proven futile. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- HP Photosmart vulnerabilities uncleron (Dec 28)
- Re: HP Photosmart vulnerabilities Joshua Levitsky (Dec 28)
- Re: HP Photosmart vulnerabilities Mo.Ron Hubbard (Dec 28)
- <Possible follow-ups>
- Re: HP Photosmart vulnerabilities uncleron (Dec 28)
- Re: HP Photosmart vulnerabilities Joshua Levitsky (Dec 28)
- Re: HP Photosmart vulnerabilities 3APA3A (Dec 28)