Full Disclosure mailing list archives
Re: HP Photosmart vulnerabilities
From: Joshua Levitsky <jlevitsk () joshie com>
Date: Fri, 28 Dec 2007 10:32:29 -0500
Do you mean to tell me someone can come to my house and after I let them on my network they can see how soon I need toner? Oh crap I better not let anyone over for New Year's!!! There is a reason it's a $200 home/home office printer. It's not meant to sit on the internet. It's not meant to be in a military facility. It is meant to be simple to use. I think next I shall contact Sears because I suspect someone can steal my water by simply placing a glass up to the front of the fridge without my knowledge, and I'm not positive but I think they can take my ice as well. On Dec 28, 2007, at 10:16 AM, <uncleron () hushmail com> wrote:
HP Photosmart C6280 (and probably other) network printers ship with insecure default settings. The printer ships with SNMP enabled using the default community strings for both public and private. HP does not document the use of SNMP, or provide a way for users to change the default community strings. The printer also includes a web based admin tool which runs over http, without even an option for ssl. Several attempts to contact HP have proven futile. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- HP Photosmart vulnerabilities uncleron (Dec 28)
- Re: HP Photosmart vulnerabilities Joshua Levitsky (Dec 28)
- Re: HP Photosmart vulnerabilities Mo.Ron Hubbard (Dec 28)
- <Possible follow-ups>
- Re: HP Photosmart vulnerabilities uncleron (Dec 28)
- Re: HP Photosmart vulnerabilities Joshua Levitsky (Dec 28)
- Re: HP Photosmart vulnerabilities 3APA3A (Dec 28)