cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

imageRUNNER ADVANCE DX C3725 Web Server Uses Plain-Text Form Based Authentication

Wozy24
Apprentice

Dear Support,

In our company we are using a Canon ImageRunner Advance DX C3725 printer and we have an issue that it is considered to be a vulnerability and the recommendation given to troubleshoot this issue is to contact the vendor. 

Please find below the description of the vulnerability:

"The Web Server uses plain-text form based authentication. A web page exists on the target host which uses an HTML login form. This data is sent from the client to the server in plain-text. An attacker with access to the network traffic to and from the target host may be able to obtain login credential for other users by sniffing the network"

How can we solve this issue that it's considered to be a vulnerability?

2 REPLIES 2

Stephen
Moderator
Moderator

Thanks for posting!

While our Forum Community members are welcome to chime in, Canon does not provide direct support for imageRUNNER series products, but your dealer will be able to help you! You should be able to find a decal on the front or side of your unit with your dealer's contact information.

If you don't have a dealer, please call us at 1-800-OK-CANON (1-800-652-2666), and we will be happy to provide you with the names of dealers in your area!

shadowsports
Legend
Legend

Greetings,

I suspect your Image Runner is behind a firewall.  This means that someone would have to be on your internal network to access or intercept plain text being sent to / from its webserver. If you enable https, the traffic and connection would be encrypted.  You can review recommendations for hardening security here:   

downloadasset (canon.com)  

~Rick
Bay Area - CA


~R5 C (1.0.6.1) ~RF Trinity, ~RF 100 Macro, ~RF 100~400, ~RF 100~500, +RF 1.4x TC, +Canon Control Ring, BG-R10, 430EX III-RT ~DxO PhotoLab Elite ~DaVinci Resolve ~Windows11 Pro ~ImageClass MF644Cdw/MF656Cdw ~Pixel 8
~CarePaks Are Worth It

National Parks Week Sweepstakes style=

Enter for a chance to win!

April 20th-28th
Announcements