Every copier I've ever had to touch at a client was set up with the default user name/password.

From: [email protected] [mailto:[email protected]] On Behalf Of Jon Harris
Sent: Tuesday, August 05, 2014 9:29 PM
To: [email protected]
Subject: RE: [NTSysADM] Kyocera Copier

Security issue but if the vendor refuses to fix you will have to work around it. Personally I would put the web page on a different subnet that only those you trust will have knowledge of and which you would have to change your machine's IP to get to.

\*Rant on Vendors both hardware and software are getting away with way too much. If it was their a$$ hanging out there when the auditors come calling or when the hackers take control of your network due to their lack of security concern you would either see fewer vendors or tighter security on their stuff. Rant off*\

Jon

________________________________
Date: Tue, 5 Aug 2014 19:59:41 -0400
Subject: [NTSysADM] Kyocera Copier
From: [email protected]
To: [email protected]

We have a small office with a Kyocera network copier. I learned last week, as I was going to add a new mailbox on it, that from the web browser, no login is required to add or edit mailbox names, e-mail addresses or network paths for scan to folders. I was able, without logging in at the browser, to change the e-mail address of anyone who had one set up to one either in or outside our domain. I could do the same with the network path. To make sure that I was magically logged in because of my network rights, I logged into the workstation with a guest account: same thing.

A call to the vendor who services the machines said that Kyocera acknowledged this issue but a fix wasn't in the offing. Their solution was to restrict access to the management webpage from specific machines by IP or disable the web page.

Am I nuts or is this a giant security issue?

