You're not nuts, but unfortunately this is nothing new in the printer realm. Either don't enable those features, or like others have recommended: sandbox it the best you can.
-- Espi On Tue, Aug 5, 2014 at 4:59 PM, CSSU NetAdmin <[email protected]> wrote: > We have a small office with a Kyocera network copier. I learned last > week- as I was going to add a new mailbox on it- that from the web browser, > no log in is required to add- or edit- mailbox names, e-mail addresses or > network paths for scan to folders. I was able to- without logging in at > the browser- to change the e-mail address of anyone who had one set up to > one either in or outside our domain. I could do the same with the network > path. To make sure that I was magically logged in because of my network > rights, I logged into the workstation with a guest account- same thing. > > A call to the vendor who services the machines said that Kyocera > acknowledged this issue but a fix wasn't in the offing. Their solution was > to restrict access to the management webpage from specific machines by IP > or disable the web page. > > Am I nuts or is this a giant security issue? >
