PaulDotCom mailing list archives

HP9000 multifunction devices hooked into AD


From: kbob at mchsi.com (Bob Patterson)
Date: Wed, 4 Nov 2009 07:09:24 -0600


You can use the web interface to make changes to almost all MFPs without 
authentication or with minimal credentials.
HP and Canon are the worst in that regard. Scan to e-mail accounts are 
usually set up with a default user name and password for the MFP to 
authenticate with. Most companies will use an admin account to do this with. 
So getting one username and password gets you a lot. Oh yeah, HP has no 
authentication on the web browser either, so it is pretty easy to get at the 
information unless you block port 80, if the device allows you to do so. 
Have fun.
--------------------------------------------------
From: "k41zen" <k41zen at live.co.uk>
Sent: Tuesday, November 03, 2009 6:55 AM
To: "PaulDotCom Security Weekly Mailing List" 
<pauldotcom at mail.pauldotcom.com>
Subject: [Pauldotcom] HP9000 multifunction devices hooked into AD

So a client has purchased several HP9040 multifunction devices (MFP) to 
allow them to use the scanning feature so that they can scan a doc and 
have it email the result to them.

From the limited documentation provided, several areas of interest jump 
out such as:

Securely stores usernames and email addresses with an LDAP sync from AD
Authenticates the user to AD at the printer panel
Scan a document and have it automatically emailed to you
Scan a document and have it automatically saved to your home drive

I get to play with this later this week but wondered if someone has 
already looked into what fun can be had with these devices.

Grateful for any info.

Regards,

k41zen





