4th Mar 2003 [SBWID-6036]
COMMAND
	HP Jetdirect SNMP password vulnerability when using Web JetAdmin
SYSTEMS AFFECTED
	HP  Jetdirect  cards  JetDirect  300X,  (J3263A),  JetDirect   EX   Plus
	(J2591A), JetDirect  400N  (J2552A,  J2552B),  JetDirect  600N  (J3110A,
	J3111A, J3113A) and older.
PROBLEM
	Sven Pechler of University of Technology Eindhoven found :
	--snip--
	A Web Jetadmin "device password" had been set  on  the  JetDirect  card.
	(This password must be set from Web Jetadmin and has nothing to do  with
	the Telnet password or the SNMP Set community name)
	In the above situation the Web Jetadmin device password is  readable  as
	plain ASCII tekst from the JetDirect card using SNMP.
	How to check your printers for this vulnerability:
	Use an SNMP toolkit to read the following OID from your printer:
	
	.iso.org.dod.internet.private.enterprises.hp.nm.system.net-peripheral.net-
	printer.generalDeviceStatus.gdPasswords
	
	(In numerical format: .1.3.6.1.4.1.11.2.3.9.1.1.13.0)
	An example on  a  Windows  machine,  using  SNMPUTIL  from  the  Windows
	Resource kit:
	
	C:\>snmputil get 131.155.120.118 public .1.3.6.1.4.1.11.2.3.9.1.1.13.0
	Variable = .iso.org.dod.internet.private.enterprises.11.2.3.9.1.1.13.0
	Value    = String 
	<0x41><0x42><0x43><0x44><0x55><0x56><0x3d><0x31><0x30><0x38><0x3b><0x00><0x00><0x00><0x00> ..etc...
	
	The resulting string  reads  in  ASCII:  ABCDEF=108;  The  Web  Jetadmin
	device password is the word before the '=' sign, in this case: ABCDEF
	--snap--
SOLUTION
	 Workarounds:
	 ============
	 1.	Keep the Web Jetadmin device password EMPTY (don't do this on newer cards than the ones mentioned above)
	 2.	Define a 'Set community name'  instead
	Additional  means   of   protection   (does   not   address   the   SNMP
	vulnerability):
	 3.	Define a telnet password (do not keep it empty)
	 4.	Create an 'allow list' from the Telnet console to restrict access from defined IP-addresses