
10 matches found

Japan Vulnerability Notes
added 2025/07/01 5:9 a.m., 4 views

Pass-Back Attack vulnerability in Konica Minolta bizhub series

Overview: Konica Minolta bizhub series provided by Konica Minolta, Inc. contains the following vulnerability: a vulnerability that could allow a Pass-Back Attack (CWE-522, CVE-2025-6081). Konica Minolta, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact...

CVSS 6.8, AI score 6.4, EPSS 0.00224
Exploits: 0, References: 4
Vulnrichment
added 2025/07/01 3:25 a.m., 3 views

CVE-2025-6081 Pass-back attack in Konica Minolta bizhub 227 multifunctional printers

Insufficiently Protected Credentials in LDAP in Konica Minolta bizhub 227 Multifunction printers version GCQ-Y3 or earlier allows an attacker to reconfigure the target device to use an external LDAP service controlled by the attacker. If an LDAP password is set on the target device, the attacker...

CVSS 6.8, AI score 7.2, EPSS 0.00224
Exploits: 0, References: 2
CVE
added 2025/07/01 3:25 a.m., 21 views

CVE-2025-6081

CVE-2025-6081 affects Konica Minolta bizhub 227 MFPs (firmware GCQ-Y3 or earlier). The issue enables a pass-back attack by reconfiguring the device to use an external LDAP server controlled by an attacker, which can lead to capturing plaintext LDAP credentials when the device authenticates to tha...

CVSS 6.8, AI score 6.7, EPSS 0.00224
Exploits: 0, References: 2
Cvelist
added 2025/07/01 3:25 a.m., 8 views

CVE-2025-6081 Pass-back attack in Konica Minolta bizhub 227 multifunctional printers

Insufficiently Protected Credentials in LDAP in Konica Minolta bizhub 227 Multifunction printers version GCQ-Y3 or earlier allows an attacker to reconfigure the target device to use an external LDAP service controlled by the attacker. If an LDAP password is set on the target device, the attacker...

CVSS 6.8, EPSS 0.00224
Exploits: 0, References: 2
Cvelist
added 2025/06/25 7:28 a.m., 8 views

CVE-2024-51984 Authenticated disclosure of external service passwords via pass-back attack affecting multiple models from Brother Industries, Ltd, FUJIFILM Business Innovation, Ricoh, Toshiba Tec, and Konica Minolta, Inc.

An authenticated attacker can reconfigure the target device to use an external service such as LDAP or FTP controlled by the attacker. If an existing password is present for an external service, the attacker can force the target device to authenticate to an attacker-controlled device using the...

CVSS 6.8, EPSS 0.00484
Exploits: 0, References: 10
The Hacker News
added 2025/02/18 7:4 a.m., 16 views

New Xerox Printer Flaws Could Let Attackers Capture Windows Active Directory Credentials

Security vulnerabilities have been disclosed in Xerox VersaLink C7025 Multifunction printers (MFPs) that could allow attackers to capture authentication credentials via pass-back attacks via Lightweight Directory Access Protocol (LDAP) and SMB/FTP services. "This pass-back style attack leverages a...

CVSS 7.6, AI score 8.2, EPSS 0.0022
Exploits: 0
Rapid7 Blog
added 2025/02/14 2:0 p.m., 22 views

Xerox Versalink C7025 Multifunction Printer: Pass-Back Attack Vulnerabilities (FIXED)

During security testing, Rapid7 discovered that Xerox Versalink C7025 Multifunction printers (MFPs) were vulnerable to pass-back attacks. The affected products identified were: Xerox Versalink MFPs, Firmware Version: 57.69.91 and earlier. This issue has been assigned the following CVEs: CVE-2024-1251...

CVSS 7.6, AI score 8.2, EPSS 0.0022
Exploits: 0
Rapid7 Blog
added 2025/02/14 2:0 p.m., 3 views

Xerox Versalink C7025 Multifunction Printer: Pass-Back Attack Vulnerabilities (FIXED)

During security testing, Rapid7 discovered that Xerox Versalink C7025 Multifunction printers (MFPs) were vulnerable to pass-back attacks. The affected products identified were: Xerox Versalink MFPs, Firmware Version: 57.69.91 and earlier. This issue has been assigned the following CVEs: CVE-2024-1251...

CVSS 7.6, AI score 8.7, EPSS 0.0022
Exploits: 0
Cvelist
added 2025/02/03 7:23 p.m., 36 views

CVE-2024-12511 SMB/FTP Address Book Scan Pass-back attack

With address book access, SMB/FTP settings could be modified, redirecting scans and possibly capturing credentials. This requires enabled scan functions and printer access...

CVSS 7.6, EPSS 0.0022
Exploits: 0, References: 1
CNNVD
added 2024/05/24 12:0 a.m., 1 views

AVTECH Software Room Alert 4E Security Vulnerability

AVTECH Software Room Alert 4E is an environmental monitoring device from AVTECH Software. A security vulnerability exists in AVTECH Software Room Alert 4E version v4.4.0, which originated from a vulnerability that allows an attacker to gain access to plaintext credentials via a pass-back attack...

CVSS 4.9, AI score 6.9, EPSS 0.00056
Exploits: 0, References: 2