On certain Lexmark devices that communicate with an LDAP or SMTP server, a malicious administrator can discover LDAP or SMTP credentials by changing that server's hostname to one that they control, and then capturing the credentials that are sent there. This occurs because stored credentials are not automatically deleted upon that type of hostname change.
References
Link | Resource |
---|---|
http://support.lexmark.com/index?page=content&id=TE909 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-03-12T16:00:00
Updated: 2019-03-12T16:57:01
Reserved: 2018-10-03T00:00:00
Link: CVE-2018-17944
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-03-12T16:29:00.220
Modified: 2019-03-13T15:25:33.013
Link: CVE-2018-17944
JSON object: View
Redhat Information
No data.
CWE