Lucene search

K
hpHP Product Security Response TeamHP:C02738104
HistoryMar 01, 2011 - 12:00 a.m.

HPSBPI02640 SSRT100410 rev.2 - HP MFP Digital Sending Software Running on Windows, Authentication Bypass

2011-03-0100:00:00
HP Product Security Response Team
support.hp.com
4

0.001 Low

EPSS

Percentile

50.3%

Potential Security Impact

Authentication bypass

VULNERABILITY SUMMARY

A potential security vulnerability has been identified with HP MFP Digital Sending Software running on Windows. The vulnerability could cause authentication to be disabled for managed devices. This could allow access to the devices from the Digital Sending Software without authentication.

RESOLUTION

The vulnerability can be avoided as follows. When using the Configuration Template feature added in version 4.91 of the HP MFP Digital Sending Software:

  • Ensure that authentication is specified in all device templates.

  • Reconfigure all devices previously configured using templates with these revised templates.

> note:
>
> The procedure above is needed only if authentication is required, and the device had previously been configured using a template that did not include authentication settings.

0.001 Low

EPSS

Percentile

50.3%

Related for HP:C02738104