Category:   Device (VoIP/Phone/FAX)  >   FaxPress
Vendors:   Castelle
Castelle FaxPress Fax Server Discloses Network Print Queue Passwords to Remote Users
SecurityTracker Alert ID:  1003475
SecurityTracker URL:  http://securitytracker.com/id/1003475
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Feb 8 2002
Impact:   Disclosure of authentication information
Vendor Confirmed:  Yes
Exploit Included:  Yes
Version(s): Software version 6.3
Description:   A vulnerability was reported in Castelle's FaxPress. A remote user can view network print queue passwords.

The FaxPress server can use a network print queue, for which it must know the login name and password. It is reported that a remote user can change the login name (or it may be entered incorrectly), causing an error event to be generated when a document is sent to the print queue. The error reportedly discloses the following type of information, including a plaintext password:

Notice: Network Print Queuing Error For Job XXXX
Notice For: Faxpress Username
Queue: Printer name
Server: NTPrint Server
Login: Login, Password
Error At: Time
Error.

The following demonstration exploit steps are provided:

"-Log into the Faxpress
-Select any printable item, e.g. an outgoing fax or a failed transmission
-Right click on the item and choose print
-Click "Printer"
-Click on "Queue"
-Note the username
-Change the username, e.g. from "John" to "John1"
-Click OK
-Click OK
-Click OK
-Go to notices
-Double click on the printing error

The username "John1" and his password are presented."

The vendor has reportedly been notified.

Impact:   A remote user can obtain the print queue password.
Solution:   No solution was available at the time of this entry. The vendor has reportedly noted that this vulnerability is a feature used for troubleshooting. However, the vendor is reportedly working to fix this in the next release.

As a workaround, the author of the report recommends that administrators ensure that Users are unable to make changes to their mailbox settings.
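
An audit sketch for the disclosure described above, added here and not part of the original advisory or of any FaxPress tooling: it flags print-queue error notices whose Login field carries a second, comma-separated value and redacts that value. It assumes notices have been exported as plain text in the field layout of the sample notice; the export step, the function names and all sample values are assumptions.

```python
import re

# Constructed sample in the field layout of the notice quoted in the advisory.
# Assumption: notices have been exported as plain text, blank line between notices.
SAMPLE_NOTICES = """\
Notice: Network Print Queuing Error For Job 1042
Notice For: jsmith
Queue: HPLJ4
Server: NTPRINT01
Login: John1, Example-Passw0rd
Error At: 05/02/2002 16:02
Error.

Notice: Fax Sent For Job 1043
Notice For: jsmith
Sent At: 05/02/2002 16:05
"""

# "Login: <name>, <secret>" on one line; the secret is everything after the first comma.
LOGIN_RE = re.compile(r"^(Login:[ \t]*)([^,\n]+),[ \t]*(\S.*)$", re.M)

def parse_notices(text):
    """Split exported notice text into one {field: value} dict per notice."""
    notices = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        if fields:
            notices.append(fields)
    return notices

def find_disclosures(text):
    """List print-queue error notices whose Login field also carries a secret.
    The secret itself is never returned, only which account needs rotating."""
    hits = []
    for n in parse_notices(text):
        name, sep, secret = n.get("Login", "").partition(",")
        if "Print Queuing Error" in n.get("Notice", "") and sep and secret.strip():
            hits.append({"notice": n["Notice"], "mailbox": n.get("Notice For", ""),
                         "login": name.strip()})
    return hits

def redact(text):
    """Replace the secret in every Login line so the export can be shared."""
    return LOGIN_RE.sub(r"\1\2, [REDACTED]", text)

if __name__ == "__main__":
    for hit in find_disclosures(SAMPLE_NOTICES):
        print("rotate password for", hit["login"], "-", hit["notice"])
    print(redact(SAMPLE_NOTICES))
```

Any account the audit lists has had its password written to a notice and should be treated as exposed.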

Vendor URL:  www.castelle.com/products/faxpress/default.htm
Cause:   Access control error, Exception handling error
Underlying OS:  

Message History:   None.


 Source Message Contents

Date:  Tue, 5 Feb 2002 16:17:06 -0000
Subject:  Castelle Faxpress: Password used for NT Print queue can be discl


Overview

    I have reported this to Castelle and they told me it is a feature for
troubleshooting, however they will make the change the next time they
release the Faxpress Software. I just thought that other admins should be
made aware so they can check their systems are secured correctly.

    Printing can be configured to use either a printer connected directly to
the parallel port of the fax server or to a Network print queue. When
configuring the system to use a Network print queue the following
information needs to be entered.

NT Host Name
Printer Shareable Name
IP Address
Login Name
Password

    If the login name is either entered incorrectly or changed by a user,
when a document is sent to the print queue an error event will be added to
the notices. This error divulges the following information.

Notice: Network Print Queuing Error For Job XXXX
Notice For: Faxpress Username
Queue: Printer name
Server: NTPrint Server
Login: Login, Password
Error At: Time
Error.

The login credentials, including the password, are shown in plain text.

    I assume that most Administrators with this Fax System out there
use a single username for all Faxpress printing due to the hassle of
changing login information every time a user's password expires. I hope
nobody has just tapped in an Admin account's details because they were
feeling lazy!

Workarounds: Make sure that Users are unable to make changes to their
mailbox settings.

To re-create the 'feature'
-Log into the Faxpress
-Select any printable item, e.g. an outgoing fax or a failed transmission
-Right click on the item and choose print
-Click "Printer"
-Click on "Queue"
-Note the username
-Change the username, e.g. from "John" to "John1"
-Click OK
-Click OK
-Click OK
-Go to notices
-Double click on the printing error

The username "John1" and his password are presented.
If anyone has problems re-creating this feel free to drop me a mail.

Best Regards

Nard

This opinion expressed is my own and is not of my company.


Copyright 2013, SecurityGlobal.net LLC