• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 276
  • Last Modified:

Web Interface - Printers

I've been doing some research on printer security and have noticed that for the 400 or so networked printers we have in our company, simply by finding the printers IP address in the ports tab, and typing it in the browser you almost always get a web interface to manage the device. Sometimes this requires authentication, albeit the majority of the times these are still set to default values, i.e. blank password, weak password, sometimes no authentication is required at all and the user can view and make use of all the features of the admin pages. My question is do people classify this as a major security issue, i..e what can attackers do with access to these interfaces, I could not find any stored documents or cache or documents printed etc, through the web interface but I assume theres some sort of spool file that could be accessed? What are your thoughts? By the very fact the web interfaces require authentication to me signals attackers should not be given access to them...
0
pma111
Asked:
pma111
  • 2
1 Solution
 
0111110Commented:
Are you talking about the interface that is used to setup the printer? I would recommend that you set a password to be able to change the settings.  A security risk I don't see that, but without a password anyone can change the settings and cause more work for yourself to fix!
0
 
pma111Author Commented:
An example of the "interface":

http://ricoh.pbworks.com/CSWebImageMonitor

"Web Image Monitor is a web based hardware management tool that allows designated users to program and administer their Ricoh MFP from a work station. "

0
 
0111110Commented:
Then yes I would set/change the password for all printers so you don't get someone playing with the settings.  But if you don't set the password and someone does change something, you can always reset the the settings back to default and start over on the setup.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now