Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Network Appliances :: prt6036.htm

HP Jetdirect SNMP password vulnerability when using Web JetAdmin



4th Mar 2003 [SBWID-6036]
COMMAND

	HP Jetdirect SNMP password vulnerability when using Web JetAdmin

SYSTEMS AFFECTED

	HP  Jetdirect  cards  JetDirect  300X,  (J3263A),  JetDirect   EX   Plus
	(J2591A), JetDirect  400N  (J2552A,  J2552B),  JetDirect  600N  (J3110A,
	J3111A, J3113A) and older.

PROBLEM

	Sven Pechler of University of Technology Eindhoven found :
	
	--snip--
	
	A Web Jetadmin "device password" had been set  on  the  JetDirect  card.
	(This password must be set from Web Jetadmin and has nothing to do  with
	the Telnet password or the SNMP Set community name)
	
	In the above situation the Web Jetadmin device password is  readable  as
	plain ASCII tekst from the JetDirect card using SNMP.
	
	How to check your printers for this vulnerability:
	
	Use an SNMP toolkit to read the following OID from your printer:
	
	.iso.org.dod.internet.private.enterprises.hp.nm.system.net-peripheral.net-
	printer.generalDeviceStatus.gdPasswords
	
	(In numerical format: .1.3.6.1.4.1.11.2.3.9.1.1.13.0)
	
	An example on  a  Windows  machine,  using  SNMPUTIL  from  the  Windows
	Resource kit:
	
	C:\>snmputil get 131.155.120.118 public .1.3.6.1.4.1.11.2.3.9.1.1.13.0
	Variable = .iso.org.dod.internet.private.enterprises.11.2.3.9.1.1.13.0
	Value    = String 
	<0x41><0x42><0x43><0x44><0x55><0x56><0x3d><0x31><0x30><0x38><0x3b><0x00><0x00><0x00><0x00> ..etc...
	
	The resulting string  reads  in  ASCII:  ABCDEF=108;  The  Web  Jetadmin
	device password is the word before the '=' sign, in this case: ABCDEF
	
	--snap--

SOLUTION

	 Workarounds:
	 ============
	
	 1.	Keep the Web Jetadmin device password EMPTY (don't do this on newer cards than the ones mentioned above)
	 2.	Define a 'Set community name'  instead
	
	Additional  means   of   protection   (does   not   address   the   SNMP
	vulnerability):
	
	 3.	Define a telnet password (do not keep it empty)
	 4.	Create an 'allow list' from the Telnet console to restrict access from defined IP-addresses


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH