|
|
|
![]() |
Vulnerability Note VU#557062CUPS stores user account details in plain text in log fileOverviewWhen an SMB printer is configured, CUPS stores plain text login information to the log file.I. DescriptionCUPS is a cross-platform printing system for UNIX environments. It can use the IPP, LPD, SMB, and JetDirect protocols to interact with printers. The SMB protocol is used to communicate with printers that are shared via Microsoft Windows or other SMB-compatible software such as Samba. When an SMB printer is added or modified, the connection string for the printer is written to the log file in plain text. This connection string will contain a username and password if authentication is required for the printer.II. ImpactA local authenticated user may be able to retrieve the usernames and passwords for other accounts.III. SolutionApply a patch from your vendorFor vendor-specific information regarding vulnerable status and patch availability, please see the Systems Affected section of this document.
References
Thanks to Gary Smith for reporting this vulnerability. This document was written by Will Dormann.
If you have feedback, comments, or additional information about this vulnerability, please send us
email. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||