PT-2018-14319 · Microsoft+2 · Windows+2
Hodorsec
·
Published
2018-12-14
·
Updated
2019-01-03
·
CVE-2018-18006
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Ricoh myPrint application version 2.9.2.4 for Windows
Ricoh myPrint application version 2.2.7 for Android
Description
The issue concerns hardcoded credentials in the Ricoh myPrint application, which can provide unauthorized access to externally disclosed myPrint WSDL API. This access can lead to the discovery of sensitive information, including API secrets of related Google cloud printers, encrypted passwords of mail servers, and names of printed files.
Recommendations
For Ricoh myPrint application version 2.9.2.4 for Windows, consider removing or securely storing hardcoded credentials to prevent unauthorized access.
For Ricoh myPrint application version 2.2.7 for Android, consider removing or securely storing hardcoded credentials to prevent unauthorized access.
As a temporary workaround, restrict access to the myPrint WSDL API to minimize the risk of exploitation.
Exploit
Fix
Using Hardcoded Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Android
Ricoh Myprint
Windows