PrinterLogic’s enterprise management solution allows organizations to manage multiple printers from a single console. Security researchers at Seek discovered numerous weaknesses in the software that could put organizations at risk. Analysis of the PrinterLogic SaaS platform and the Virtual Appliance on PrinterLogic’s website revealed 18 distinct vulnerabilities.

The platform is most susceptible to an authentication bypass attack, which allows third parties to access administrative scripts and alter service configurations. The system relies on individual PHP files to implement their own authentication checks, but the files allow unauthenticated access via their direct URLs. The application also logs requests containing passwords in plaintext and stores this information using SHA1 hashing. Usernames and passwords are double base64 encoded in transit, but base64 is an encoding rather than encryption, so hackers can easily intercept this information. The researchers discovered other weaknesses: XSS flaws, inadequate SQL injection prevention, and a lack of cross-site request forgery checks. PrinterLogic noted that one of these issues impacts the legacy code and has not provided a general patch time frame.
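The per-file authentication design described above can be audited from the defender's side. The following is an added example, not code from PrinterLogic or the researchers: a heuristic scan of a PHP tree that flags files with no authentication guard, or with a guard that runs only after request data is read. The guard name `require_login()` and the sample files are hypothetical and constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Hypothetical guard name; substitute the call the code base under review uses.
GUARD = re.compile(r"\brequire_login\s*\(")
# Heuristic comment stripper (does not parse PHP strings).
COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)
INPUT_USE = re.compile(r"\$_(GET|POST|REQUEST|COOKIE|FILES)\b")

def audit_file(source: str) -> str:
    """Classify one PHP source: 'guarded', 'late-guard' or 'unguarded'."""
    code = COMMENTS.sub("", source)  # a commented-out guard must not count
    guard = GUARD.search(code)
    if guard is None:
        return "unguarded"
    first_input = INPUT_USE.search(code)
    if first_input and first_input.start() < guard.start():
        return "late-guard"  # request data is touched before the check
    return "guarded"

def audit_tree(root: Path) -> dict:
    """Map every .php file under root (relative path) to its classification."""
    return {
        p.relative_to(root).as_posix(): audit_file(p.read_text(errors="replace"))
        for p in sorted(root.rglob("*.php"))
    }

def build_sample(root: Path) -> None:
    """Constructed sample tree; file names and contents are made up."""
    (root / "admin").mkdir()
    (root / "admin/settings.php").write_text(
        "<?php\nrequire 'auth.php';\nrequire_login();\n$v = $_POST['v'];\n")
    (root / "admin/export.php").write_text(
        "<?php\n// require_login();\necho run_export($_GET['id']);\n")
    (root / "admin/update.php").write_text(
        "<?php\n$cfg = $_POST['cfg'];\nrequire_login();\nsave($cfg);\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(Path(tmp))
        for path, verdict in audit_tree(Path(tmp)).items():
            print(f"{verdict:11} {path}")
```

A scan like this only narrows down review targets; routing every request through a single entry point that denies by default removes the dependence on each file remembering its own check.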

