Hardcoded credentials in the Ricoh myPrint application 2.9.2.4 for Windows and 2.2.7 for Android give access to any externally disclosed myPrint WSDL API, as demonstrated by discovering API secrets of related Google cloud printers, encrypted passwords of mail servers, and names of printed files.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/150399/Ricoh-myPrint-Hardcoded-Credentials-Information-Disclosure.html | Exploit Third Party Advisory VDB Entry |
http://seclists.org/fulldisclosure/2018/Nov/46 | Exploit Mailing List Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-12-14T15:00:00
Updated: 2018-12-14T14:57:02
Reserved: 2018-10-05T00:00:00
Link: CVE-2018-18006
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-12-14T15:29:00.623
Modified: 2019-01-03T14:11:07.357
Link: CVE-2018-18006
JSON object: View
Redhat Information
No data.
CWE