OS X: a security vulnerability in the HP printer utility (HP Utility.app)?

ID MYHACK58:62201443048
Type myhack58
Reporter Anonymous
Modified 2014-03-13T00:00:00


If you have a newer HP printer model that HP Utility.app supports, you can easily configure the printer from the management section of HP Utility. This feature provides functionality similar to HP Web JetAdmin, but with far fewer functions, and it is not suited to batch configuration and management in a network environment. Under the network settings, for example, you can easily set or change the printer's network configuration, such as its IP address.


The program is stored in the /Library/Printers/hp/Utilities directory and is installed together with the HP printer driver package.

This feature suits individual users well, but it causes problems on a corporate network. Imagine that anyone can freely change the printer's IP address: other people will then be unable to print. An administrator who ignores this hazard will be kept busy.

In fact, HP Utility relies on SNMPv1/v2 to communicate with the printer, so disabling SNMPv1/v2 or setting it to read-only under Networking->Network Settings->SNMP prevents a client from modifying the printer configuration without permission.

It is not that simple, however. Anyone managing HP printers on a network will generally be using HP Web JetAdmin, HP's most practical and powerful tool for managing network printers, and by default it also uses SNMPv1/v2 to discover and manage network printers. If SNMPv1/v2 is disabled, the printers cannot be discovered; if it is set to read-only, they cannot be managed. It is therefore necessary to enable SNMPv3 for management: v3 supports authentication and encrypted transmission, so it is more secure.
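While SNMPv1/v2 has to stay enabled, write attempts from ordinary clients can at least be detected on the wire. The following is an added example, not code from the original article or from HP: it parses the header of an SNMP UDP payload and flags v1/v2c SetRequests that do not come from the management network. The packets, the community string `lab-rw` and the addresses are constructed for illustration.

```python
import ipaddress

PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA3: "SetRequest"}
VERSIONS = {0: "v1", 1: "v2c", 3: "v3"}
ADMIN_NETS = ["192.0.2.0/28"]  # assumed network of the Web JetAdmin server

def read_tlv(buf, pos):
    """Decode one BER tag-length-value; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def parse_snmp(payload):
    """Return version, community and PDU name of an SNMP message (UDP payload)."""
    tag, body, _ = read_tlv(payload, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    tag, ver, pos = read_tlv(body, 0)
    version = VERSIONS.get(int.from_bytes(ver, "big")) if tag == 0x02 else None
    if version is None:
        raise ValueError("unknown version")
    if version == "v3":  # v3 carries no community string
        return {"version": "v3", "community": None, "pdu": None}
    tag, community, pos = read_tlv(body, pos)
    if tag != 0x04 or pos >= len(body):
        raise ValueError("malformed v1/v2c header")
    return {"version": version, "community": community.decode("latin-1"),
            "pdu": PDU_NAMES.get(body[pos], hex(body[pos]))}

def flag_packet(src_ip, payload, admin_nets=ADMIN_NETS):
    """Return a finding for a v1/v2c SetRequest from outside admin_nets, else None."""
    try:
        msg = parse_snmp(payload)
    except ValueError:
        return None
    src = ipaddress.ip_address(src_ip)
    if msg["version"] in ("v1", "v2c") and msg["pdu"] == "SetRequest" \
            and not any(src in ipaddress.ip_network(n) for n in admin_nets):
        return f"{src_ip}: {msg['version']} SetRequest, community {msg['community']!r} in cleartext"
    return None

# Constructed v2c packets: a SetRequest and a GetRequest for sysName.0
SET_PKT = bytes.fromhex("302902010104066c61622d7277a31c0201010201000201003011300f06082b06010201010500040370726e")
GET_PKT = bytes.fromhex("302602010104066c61622d7277a019020101020100020100300e300c06082b060102010105000500")
```

The community string appears in the finding because v1/v2c sends it unencrypted, which is why the v3 branch has nothing comparable to report.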

In addition, almost all printers now support configuration and management through a web interface, and this is the basic means of managing them, so setting the administrator password during the printer's initial configuration is essential and easy to do. On HP printers, for example, set the admin password under Networking->Security->Authorization. Some printers also support ACLs. These are all security-enhancing techniques.