PT-2018-14319 · Microsoft+2 · Windows+2

Hodorsec · Published 2018-12-14 · Updated 2019-01-03 · CVE-2018-18006

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
Ricoh myPrint application version 2.9.2.4 for Windows
Ricoh myPrint application version 2.2.7 for Android

Description
The issue concerns hardcoded credentials in the Ricoh myPrint application, which can provide unauthorized access to the externally disclosed myPrint WSDL API. This access can lead to the discovery of sensitive information, including API secrets of related Google cloud printers, encrypted passwords of mail servers, and names of printed files.

Recommendations
For Ricoh myPrint application version 2.9.2.4 for Windows, consider removing or securely storing hardcoded credentials to prevent unauthorized access.
For Ricoh myPrint application version 2.2.7 for Android, consider removing or securely storing hardcoded credentials to prevent unauthorized access.
As a temporary workaround, restrict access to the myPrint WSDL API to minimize the risk of exploitation.

Exploit

Fix

Using Hardcoded Credentials


Weakness Enumeration

Related Identifiers

CVE-2018-18006

Affected Products

Android
Ricoh Myprint
Windows