PaulDotCom mailing list archives
HP9000 multifunction devices hooked into AD
From: kbob at mchsi.com (Bob Patterson)
Date: Wed, 4 Nov 2009 07:09:24 -0600
You can use the web interface to make changes to almost all MFPs without authentication or minimal credentials HP and Canon are the worst in that regard. Scan to e-mail accounts are usually set up with a default user name and password for the mfp to authenticate with. Most companys will use and admin account to do this with. So getting one username and password gets you a lot. Oh yea, HP has no authentication on the web browser either so it is pretty easy to get at the information unless you block port 80, if the device allows you to do so. Have fun. -------------------------------------------------- From: "k41zen" <k41zen at live.co.uk> Sent: Tuesday, November 03, 2009 6:55 AM To: "PaulDotCom Security Weekly Mailing List" <pauldotcom at mail.pauldotcom.com> Subject: [Pauldotcom] HP9000 multifunction devices hooked into AD
So a client has purchased several HP9040 multifunction devices (MFP) to allow them to use the scanning feature so that they can scan a doc and have it email the result to them. From the limited documentation provided, several areas of interest jump out such as: Securely stores usernames and email addresses with an LDAP sync from AD Authenticates the user to AD at the printer panel Scan a document and have it automatically emailed to you Scan a document and have it automatically saved to your home drive I get to play with this later this week but wondered if someone has already looked into what fun can be had with these devices. Grateful for any info. Regards, k41zen
Current thread:
- HP9000 multifunction devices hooked into AD k41zen (Nov 03)
- HP9000 multifunction devices hooked into AD Bradley McMahon (Nov 03)
- HP9000 multifunction devices hooked into AD Tim Mugherini (Nov 03)
- HP9000 multifunction devices hooked into AD k41zen (Nov 03)
- HP9000 multifunction devices hooked into AD Robert Portvliet (Nov 03)
- HP9000 multifunction devices hooked into AD k41zen (Nov 03)
- HP9000 multifunction devices hooked into AD Bob Patterson (Nov 04)
- HP9000 multifunction devices hooked into AD k41zen (Nov 04)
- HP9000 multifunction devices hooked into AD Tim Mugherini (Nov 03)
- HP9000 multifunction devices hooked into AD Bob Patterson (Nov 04)
- HP9000 multifunction devices hooked into AD Michael Miller (Nov 10)
- HP9000 multifunction devices hooked into AD Bradley McMahon (Nov 03)