COMMAND

    tektronix

SYSTEMS AFFECTED

    Tektronix 740 Extended (and others)

PROBLEM

    Blake Frantz  found following.   Here are  a couple  more problems
    with the  Tektronix webserver  services (Tektronix  740 Extended).
    When the people at  Tektronix designed the web  services, security
    was  in  mind.   For  example,  some  URLs  that  require password
    authentication do  generate a  key to  pass along  instead of  the
    plain password.  For example,  if you download the Job  Accounting
    Records the URL is as follows:

        http://<printername>/config_job_browse.html?http_password=<alphabetsoup>&job_record=30

    This is great,  except it appears  that the key  is only generated
    one time, you can paste this  URL into any browser on any  machine
    and  view  the  URL  with  no  restrictions.  In walks the History
    folder,  any  user  that  has  access  to your machine, unless you
    clear the history, can access any URL viewed by the administrator,
    including pages that require password authentication.

    If the administrator ever downloads the Job Accounting log, he/she
    is required to enter in the admin password.  After the password is
    entered  and  submitted,  the  page  containing the job accounting
    links has the following url:

        http://<printername>/config_job_links?http_password=<cleartextpassord>

    Basically, any  user that  gets noses  and decides  to browse your
    History  folder  can  stumble  upon   this  url  with  the   words
    "http_password=joo" slapping them in the face.

    'elfchief'  added  following.   Even  in  absence  of  any sort of
    password- (or password hash-) aquiring attack, it's still possible
    to use up all of someone's consumables without a password at  all.
    No trickery required!   [Keep in mind that  a toner set for  a 780
    is ~ $600]

    The "configure settings" page  (http://printer/button_config.html)
    has  a  drop-down  menu  that  allows  you  to  print  a number of
    different pages  (test pages,  color samples,  startup page). This
    menu, and the functions it performs, do not require a password  of
    any sort.   Go to  the page,  select "CMYK  Sampler Prints", click
    the button,  and sit  back while  32 pages  of toner  and paper go
    away.

SOLUTION

    Point being made,  clear you history  if you use  the web services
    for  printer  administration,  and   restrict  access  the   ports
    corresponding to the services you have running.