PT-2018-12786 · Epson+4 · Epson Iprint+4

Published

2018-08-30

Updated

2019-10-03

CVE-2018-14901

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions EPSON iPrint application version 6.6.3

Description The issue concerns the presence of hard-coded API and Secret keys for various cloud services, including Dropbox, Box, Evernote, and OneDrive, within the application. This could potentially expose user data to unauthorized access.

Recommendations For EPSON iPrint application version 6.6.3, consider removing or securely storing the hard-coded API and Secret keys for the Dropbox, Box, Evernote, and OneDrive services to prevent unauthorized access. As a temporary workaround, restrict access to these services within the application until a secure update is available.

Exploit

Fix

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-798

Related Identifiers

CVE-2018-14901

Affected Products

Box

Dropbox

Epson Iprint

Evernote

Onedrive

PT-2018-12786 · Epson+4 · Epson Iprint+4

CVE-2018-14901

Weakness Enumeration

Related Identifiers

Affected Products

References · 3