FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

imageRUNNER ADVANCE DX C3725 Web Server Uses Plain-Text Form Based Authentication

Wozy24
Apprentice

‎02-15-2024 08:45 AM - last edited on ‎02-15-2024 09:03 AM by Moderator

Dear Support,

In our company we are using a Canon ImageRunner Advance DX C3725 printer and we have an issue that it is considered to be a vulnerability and the recommendation given to troubleshoot this issue is to contact the vendor. 

Please find below the description of the vulnerability:

"The Web Server uses plain-text form based authentication. A web page exists on the target host which uses an HTML login form. This data is sent from the client to the server in plain-text. An attacker with access to the network traffic to and from the target host may be able to obtain login credential for other users by sniffing the network"

How can we solve this issue that it's considered to be a vulnerability?

0 Likes
2 REPLIES 2

Stephen
Moderator
Moderator

‎02-15-2024 08:51 AM

Thanks for posting!

While our Forum Community members are welcome to chime in, Canon does not provide direct support for imageRUNNER series products, but your dealer will be able to help you! You should be able to find a decal on the front or side of your unit with your dealer's contact information.

If you don't have a dealer, please call us at 1-800-OK-CANON (1-800-652-2666), and we will be happy to provide you with the names of dealers in your area!

0 Likes

shadowsports
Legend
Legend

‎02-15-2024 09:28 AM - edited ‎02-15-2024 09:58 AM

Greetings,

I suspect your Image Runner is behind a firewall.  This means that someone would have to be on your internal network to access or intercept plain text being sent to / from its webserver. If you enable https, the traffic and connection would be encrypted.  You can review recommendations for hardening security here:   

downloadasset (canon.com)  

~Rick
Bay Area - CA


~R5 C (1.0.9.1) ~RF Trinity, ~RF 100 Macro, ~RF 100~400, ~RF 100~500, ~RF 200-800 +RF 1.4x TC, BG-R10, 430EX III-RT ~DxO PhotoLab Elite ~DaVinci Resolve Studio ~ImageClass MF644Cdw/MF656Cdw ~Pixel 8 ~CarePaks Are Worth It

0 Likes

Announcements

01/27/2025: New firmware updates are available.

EOS R5C - Version 1.1.0.1

EOS C80 - Version 1.0.2.1


01/22/2024: Canon Supports Disaster Relief Efforts in California
01/14/2025: Steps to resolve still image problem when using certain SanDisk SD cards with the Canon EOS R5 Mark II

12/18/2024: New firmware updates are available.

EOS C70 - Version 1.1.0.1

EOS C300 Mark III - Version 1..0.9.1

EOS C400 - Version 1.0.2.1

EOS C500 Mark II - Version 1.1.3.1

XF605 - Version 1.0.5.0


12/13/2024: EOS Webcam Utility Pro V2.3b is now available to support Windows on ARM PC users.

12/05/2024: New firmware updates are available.

EOS R1 - Version 1.0.1

EOS R5 Mark II - Version 1.0.2


11/14/2024: Windows V 2.3a installer for EOS Webcam Utility Pro is available for download
11/12/2024: EOS Webcam Utility Pro - Version 2.3 is available

09/26/2024: New firmware updates are available.

EOS R5 - Version 2.1.0

EOS R6 - Version 1.9.0

EOS R3 - Version 1.8.0

EOS R7 - Version 1.6.0

EOS R10 - Version 1.6.0

EOS R6 Mark II - Version 1.5.0

EOS R8 - Version 1.4.0

EOS R50 - Version 1.3.0

EOS R100 - Version 1.1.0

Powershot V10 - Version 1.3.0


08/09/2024: Firmware update available for RC-IP1000 - Version 1.1.1
08/08/2024: Firmware update available for MS-500 - Version 2.0.0
Copyright © 2025 Khoros, LLC