PT-2018-12786 · Epson+4 · Epson Iprint+4

Publicado

2018-08-30

Atualizado

2019-10-03

CVE-2018-14901

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions EPSON iPrint application version 6.6.3

Description The issue concerns the presence of hard-coded API and Secret keys for various cloud services, including Dropbox, Box, Evernote, and OneDrive, within the application. This could potentially expose user data to unauthorized access.

Recommendations For EPSON iPrint application version 6.6.3, consider removing or securely storing the hard-coded API and Secret keys for the Dropbox, Box, Evernote, and OneDrive services to prevent unauthorized access. As a temporary workaround, restrict access to these services within the application until a secure update is available.

Exploit

Correção

Using Hardcoded Credentials

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-798

Identificadores relacionados

CVE-2018-14901

Produtos afetados

Box

Dropbox

Epson Iprint

Evernote

Onedrive

PT-2018-12786 · Epson+4 · Epson Iprint+4

CVE-2018-14901

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3