Penetration Testing mailing list archives
Re: empty sa passwords on network printers ??
From: H D Moore <sflist () digitaloffense net>
Date: Mon, 12 Dec 2005 13:45:53 -0600
If the printer runs a real operating system (linux, windows, solaris), treat it just like any other server with regards to risk. Xerox is famous for deploying huge printers that run exploitable services (Solaris 2.6, Linux-based, etc). If the printer is running Microsoft SQL Server with a blank password for the 'sa' account, you should be able to do the same things to it that could with a server - monitor all transactions, install sniffers, insert a backdoor, etc. -HD On Friday 09 December 2005 13:50, Jason Rusch wrote:
curious whats peoples opinion on the risk level etc concerning empty SA passwords on network printers?
------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- empty sa passwords on network printers ?? Jason Rusch (Dec 09)
- RE: empty sa passwords on network printers ?? Ben Nagy (Dec 10)
- network printers Mark Brunner (Dec 10)
- Re: network printers Justin (Dec 12)
- Re: network printers perrymonj (Dec 13)
- Re: network printers Paul Asadoorian (Dec 13)
- Re: network printers Jason Baeder (Dec 13)
- network printers Mark Brunner (Dec 10)
- Re: network printers Sean Peterson (Dec 16)
- RE: empty sa passwords on network printers ?? Ben Nagy (Dec 10)