PT-2017-19087 · Pdq Manufacturing · Laserwash G5 S+9

Billy Rios

Published

2017-08-07

Updated

2019-10-09

CVE-2017-9632

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions PDQ Manufacturing LaserWash G5 and G5 S Series versions all PDQ Manufacturing LaserWash M5 versions all PDQ Manufacturing LaserWash 360 and 360 Plus versions all PDQ Manufacturing LaserWash AutoXpress and AutoExpress Plus versions all PDQ Manufacturing LaserJet versions all PDQ Manufacturing ProTouch Tandem versions all PDQ Manufacturing ProTouch ICON versions all PDQ Manufacturing ProTouch AutoGloss versions all

Description A Missing Encryption of Sensitive Data issue was discovered. The username and password are transmitted insecurely.

Recommendations For all versions of the affected products, consider implementing secure transmission protocols to protect sensitive data, such as encrypting the username and password during transmission. As a temporary workaround, restrict access to sensitive areas of the system that rely on the insecurely transmitted username and password until a proper fix is implemented.

Fix

Missing Encryption of Sensitive Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-311

Related Identifiers

CVE-2017-9632

Affected Products

Laserjet

Laserwash 360

Laserwash 360 Plus

Laserwash Autoexpress Plus

Laserwash Autoxpress

Laserwash G5 S

Laserwash M5

Protouch Autogloss

Protouch Icon

Protouch Tandem

PT-2017-19087 · Pdq Manufacturing · Laserwash G5 S+9

CVE-2017-9632

Weakness Enumeration

Related Identifiers

Affected Products

References · 2