HP JetDirect JetAdmin Password Vulnerability

HP JetDirect JetAdmin is the installation and management software for HP's line of commercial print servers.

HP JetDirect devices configured using the JetAdmin web interface do not set a password for telnet access when the administrator password is chosen. As a result, the telnet port will be left exposed to unrestricted remote access. Remote users with malicious intent will be able to access the device to cause a denial of service, or potentially monitor printer activity to gather information that may be used to compromise systems.

Additionally, this problem is compounded by the fact that the admin password is reset when the device is rebooted.


Privacy Statement
Copyright 2010, SecurityFocus