Authentication Weakness in Brother Printer Web Interface
CVE-2019-20457

9.1CRITICAL

Key Information:

Vendor

Brother Industries, Ltd.

Vendor
CVE Published:
7 November 2024

What is CVE-2019-20457?

A vulnerability exists in Brother MFC-J491DW devices whereby an attacker can access the web interface and retrieve the password hash without needing to authenticate. This is due to the incomplete authorization cookie returned in the response header of failed login attempts, which discloses the MD5 hash of the password in hexadecimal format. As a result, an attacker can perform offline cracking attacks to derive the actual password, leading to potential unauthorized administrative access to the device and its functionalities.

References

https://global.brother
https://support.brother.com/g/s/security/en/index.html
https://seclists.org/fulldisclosure/2024/Jul/14
mailing-list

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.