PT-2024-10733 · Brother · Brother Mfc-J491Dw

Konrad Leszczynski · Published 2024-11-07 · Updated 2024-11-10 · CVE-2019-20457

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Brother MFC-J491DW version C1806180757

Description: An issue was discovered where the printer's web-interface password hash can be retrieved without authentication. This occurs because the response header of any failed login attempt returns an incomplete authorization cookie, which is the MD5 hash of the password in hexadecimal. An attacker can derive the true MD5 hash and use offline cracking attacks to obtain administrative access to the device.

Recommendations: For Brother MFC-J491DW version C1806180757, update the firmware to the latest version available to mitigate the risk of exploitation. As a temporary workaround, consider restricting access to the web interface until the update is applied.

Fix

Incorrect Default Permissions

Weakness Enumeration

Related Identifiers

CVE-2019-20457

Affected Products

Brother Mfc-J491Dw