Security flaws in a range of HP printers create a way for hackers to lift administrator's passwords and other potentially sensitive information from vulnerable devices, infosec experts have warned.
HP has released patches for the affected LaserJet Pro printers to defend against the vulnerability (CVE-2013-4807), which was discovered by Michal Sajdak of Securitum.pl. Sajdak discovered it was possible to extract plaintext versions of users' passwords via hidden URLs hardcoded into the printers' firmware. A hex representation of the admin password is stored in a plaintext URL, though it looks encrypted to a casual observer.
Sajdak also discovered Wi-Fi-enabled printers leaked Wi-Fi settings and Wi-Fi Protected Setup PIN codes, as an advisory from the Polish security researcher explains.
HP has released firmware updates for the following affected printers:
GoPro, Pixpro, or Ricoh?
You can spend hundreds or even thousands of dollars on a 360-degree camera. We tested three of them to find out what kind of quality and ease of use you can expect at each price point.