FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

imageRUNNER ADVANCE DX C3725 Web Server Uses Plain-Text Form Based Authentication

Wozy24
Apprentice

‎02-15-2024 08:45 AM - last edited on ‎02-15-2024 09:03 AM by Moderator

Dear Support,

In our company we are using a Canon ImageRunner Advance DX C3725 printer and we have an issue that it is considered to be a vulnerability and the recommendation given to troubleshoot this issue is to contact the vendor. 

Please find below the description of the vulnerability:

"The Web Server uses plain-text form based authentication. A web page exists on the target host which uses an HTML login form. This data is sent from the client to the server in plain-text. An attacker with access to the network traffic to and from the target host may be able to obtain login credential for other users by sniffing the network"

How can we solve this issue that it's considered to be a vulnerability?

0 Likes
2 REPLIES 2

Stephen
Moderator
Moderator

‎02-15-2024 08:51 AM

Thanks for posting!

While our Forum Community members are welcome to chime in, Canon does not provide direct support for imageRUNNER series products, but your dealer will be able to help you! You should be able to find a decal on the front or side of your unit with your dealer's contact information.

If you don't have a dealer, please call us at 1-800-OK-CANON (1-800-652-2666), and we will be happy to provide you with the names of dealers in your area!

0 Likes

shadowsports
Legend
Legend

‎02-15-2024 09:28 AM - edited ‎02-15-2024 09:58 AM

Greetings,

I suspect your Image Runner is behind a firewall.  This means that someone would have to be on your internal network to access or intercept plain text being sent to / from its webserver. If you enable https, the traffic and connection would be encrypted.  You can review recommendations for hardening security here:   

downloadasset (canon.com)  

~Rick
Bay Area - CA


~R5 C (1.0.9.1), ~R50v (1.1.1) ~RF Trinity, ~RF 100 Macro, ~RF 100~400, ~RF 100~500, ~RF 200-800 +RF 1.4x TC, BG-R10, 430EX III-RT ~DxO PhotoLab Elite ~DaVinci Resolve Studio ~ImageClass MF644Cdw/MF656Cdw ~Pixel 8 ~CarePaks Are Worth It

0 Likes
Holiday
Announcements

12/18/2025: New firmware updates are available.

EOS C400 - Version 1.0.4.1

EOS C80 - Version 1.0.4.1

XF605 - Version 1.0.7.1


12/15/2025: New firmware update available for EOS C50 - Version 1.0.1.1

11/20/2025: New firmware updates are available.

EOS R6 Mark III - Version 1.0.1

EOS R3 - Version 2.0.0

EOS R1 - Version 1.2.0

EOS R5 Mark II - Version 1.2.0

EOS R5 - Version 2.2.1

PowerShot G7 X Mark III - Version 1.4.0

PowerShot SX740 HS - Version 1.0.2


10/21/2025: Service Notice: To Users of the Compact Digital Camera PowerShot V1

10/15/2025: New firmware updates are available.

Speedlite EL-5 - Version 1.2.0

Speedlite EL-1 - Version 1.1.0

Speedlite Transmitter ST-E10 - Version 1.2.0


07/28/2025: Notice of Free Repair Service for the Mirrorless Camera EOS R50 (Black)

7/17/2025: New firmware updates are available.

EOS R7 - Version 1.7.1

EOS R10 - Version 1.7.0

EOS R8 - Version 1.5.0

EOS R50 - Version 1.4.0

Powershot V10 - Version 1.4.0

Powershot V1 - Version 1.1.0

EOS R50V - Version 1.1.1


05/21/2025: New firmware update available for EOS C500 Mark II - Version 1.1.5.1

02/20/2025: New firmware updates are available.

RF70-200mm F2.8 L IS USM Z - Version 1.0.6

RF24-105mm F2.8 L IS USM Z - Version 1.0.9

RF100-300mm F2.8 L IS USM - Version 1.0.8

RF50mm F1.4 L VCM - Version 1.0.2

RF24mm F1.4 L VCM - Version 1.0.3


01/22/2024: Canon Supports Disaster Relief Efforts in California
01/14/2025: Steps to resolve still image problem when using certain SanDisk SD cards with the Canon EOS R5 Mark II
Copyright © 2025 Khoros, LLC