Authentication Weakness in Brother Printer Web Interface
CVE-2019-20457

Currently unrated

Key Information:

Vendor: Brother Industries, Ltd.
Vendor: CVE Published:; 7 November 2024

🔔 Create Brother Industries, Ltd. Vulnerability Alert

What is CVE-2019-20457?

A vulnerability exists in Brother MFC-J491DW devices whereby an attacker can access the web interface and retrieve the password hash without needing to authenticate. This is due to the incomplete authorization cookie returned in the response header of failed login attempts, which discloses the MD5 hash of the password in hexadecimal format. As a result, an attacker can perform offline cracking attacks to derive the actual password, leading to potential unauthorized administrative access to the device and its functionalities.

References

https://global.brother

https://support.brother.com/g/s/security/en/index.html

https://seclists.org/fulldisclosure/2024/Jul/14

mailing-list

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 7, 2024
Vulnerability Reserved
Feb 17, 2020