Re: Tektronix PhaserLink Webserver Reveals Admin Password

From: elfchiefat_private
Date: Thu Nov 18 1999 - 09:14:50 PST


    > Here are a couple more problems with the Tektronix webserver services:
    
    And one more: Even in absence of any sort of password- (or password hash-)
    acquiring attack, it's still possible to use up all of someone's consumables
    without a password at all -- No trickery required!
    
    [Keep in mind that a toner set for a 780 is ~ $600]
    
    The "configure settings" page (http://printer/button_config.html) has
    a drop-down menu that allows you to print a number of different
    pages (test pages, color samples, startup page). This menu, and the
    functions it performs, do not require a password of any sort. Go to the
    page, select "CMYK Sampler Prints", click the button, and sit back while
    32 pages of toner and paper go away.
    
    [I reported this to Tektronix more than 6 months ago, at the same time I
     reported a printer-crashing bug. They fell all over themselves to fix
     the crashing bug (with some of the best support I'd ever gotten ... good
     job!), but seemed truly uninterested in stopping random people from being
     able to consume one's toner.]
    
    Me, I just firewall my damned printer.
    
    -WW
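The report's point is that the "configure settings" page answers anonymous clients and offers print jobs that burn toner. An inventory audit can catch that class of exposure without ever submitting the form: fetch the page with no credentials and record whether it comes back 200 with a print-selection form, or whether the device gates it with a 401/403. The following is an added example written for this archive page, not code from the original post or from Tektronix; the page markup it serves is a constructed stand-in for the real `button_config.html`, and the server it spins up only exists so the checker can be exercised offline.

```python
"""Audit helper: does a printer's web configuration page answer without credentials?

Added example for this mailing-list post; the printer page below is CONSTRUCTED
to resemble the report's description and is served locally for demonstration.
"""
import http.server
import socketserver
import threading
import urllib.error
import urllib.request
from html.parser import HTMLParser

CONFIG_PATH = "/button_config.html"  # path named in the report


class OptionCollector(HTMLParser):
    """Collect <option> labels so the audit can list which print jobs the page offers."""

    def __init__(self):
        super().__init__()
        self.options = []
        self._in_option = False

    def handle_starttag(self, tag, attrs):
        if tag == "option":
            self._in_option = True
            self.options.append("")

    def handle_data(self, data):
        if self._in_option:
            self.options[-1] += data

    def handle_endtag(self, tag):
        if tag == "option":
            self._in_option = False
            self.options[-1] = self.options[-1].strip()


def audit_config_page(base_url, path=CONFIG_PATH, timeout=5):
    """GET the page with no credentials and report what an anonymous client sees.

    Returns {"status": int|None, "unauthenticated": bool, "print_options": [str]}.
    'unauthenticated' is True only when the page is served (200) AND carries a form,
    i.e. the print-selection controls are reachable without logging in.
    """
    req = urllib.request.Request(base_url.rstrip("/") + path,
                                 headers={"User-Agent": "printer-config-audit"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            body = resp.read().decode("latin-1", errors="replace")
            status = resp.status
    except urllib.error.HTTPError as e:
        # 401/403 means the device at least gates the page; record the code and stop
        return {"status": e.code, "unauthenticated": False, "print_options": []}
    except (urllib.error.URLError, OSError):
        # unreachable (firewalled, off, wrong address): nothing exposed from here
        return {"status": None, "unauthenticated": False, "print_options": []}
    parser = OptionCollector()
    parser.feed(body)
    exposed = status == 200 and "<form" in body.lower()
    return {"status": status, "unauthenticated": exposed, "print_options": parser.options}


# CONSTRUCTED stand-in for the printer's configure-settings page (not real firmware output)
CONSTRUCTED_PAGE = b"""<html><body><h1>Configure Settings</h1>
<form method="post" action="/button_config.html">
<select name="print_page">
<option>Configuration Page</option>
<option>CMYK Sampler Prints</option>
<option>Startup Page</option>
</select><input type="submit" value="Print"></form></body></html>"""


def serve_fixture(gated):
    """Start a throwaway local HTTP server imitating the printer.

    gated=False serves the page to anyone (the behaviour the report describes);
    gated=True answers 401 instead, the behaviour a fixed device should show.
    Returns (base_url, server); call server.shutdown() when done.
    """
    class Handler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            if gated:
                self.send_response(401)
                self.send_header("WWW-Authenticate", 'Basic realm="printer"')
                self.end_headers()
                return
            self.send_response(200)
            self.send_header("Content-Type", "text/html")
            self.end_headers()
            self.wfile.write(CONSTRUCTED_PAGE)

        def log_message(self, *args):  # keep the demo quiet
            pass

    server = socketserver.TCPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return "http://127.0.0.1:%d" % server.server_address[1], server


if __name__ == "__main__":
    for gated in (False, True):
        url, srv = serve_fixture(gated)
        print("gated=%s ->" % gated, audit_config_page(url))
        srv.shutdown()
        srv.server_close()
```

Against a real device you would call `audit_config_page("http://printer")` from an inventory script and flag any result with `unauthenticated` set; the check only reads the page and never submits the form, so it cannot itself trigger a print job. A result of `status: None` is the outcome the author arrives at by firewalling the printer: the page is not reachable from the auditing host at all.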
    
    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:13:22 PDT