Kyocera Device Manager appears to contain serious security flaws

Kyocera’s Device Manager software, which allows IT managers to monitor and manage large numbers of Kyocera printers and multifunction devices, contained a vulnerability that could have been exploited by hackers and other threat actors, said Jordan Hedges, Senior Technical Specialist at Trustwave SpiderLabs.

In a technical article posted on Trustwave’s website, the company explained that the flaw “allows attackers to force authentication attempts on their own resources, such as a malicious SMB share, to capture or pass hashed Active Directory credentials if the security policy ‘Restrict NTLM: Outbound NTLM traffic to remote servers’ is not turned on.”
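Because the exposure depends on that policy, a defender can check how it is set on the server hosting Device Manager. The following is an added example, not code from Trustwave or Kyocera; the function name `Get-OutboundNtlmPolicy` is hypothetical, and the registry values are the ones Windows uses to store this policy and its server exception list.

```powershell
# Added example: report the local "Restrict NTLM: Outgoing NTLM traffic to
# remote servers" setting. Function name is hypothetical.
function Get-OutboundNtlmPolicy {
    [CmdletBinding()]
    param(
        # Key where Windows stores the NTLM restriction policies.
        [string]$KeyPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
    )

    # Documented values of RestrictSendingNTLMTraffic.
    $meaning = @{ 0 = 'Allow all'; 1 = 'Audit all'; 2 = 'Deny all' }

    $props = Get-ItemProperty -Path $KeyPath -ErrorAction SilentlyContinue
    $raw = $null
    $exceptions = @()
    if ($props) {
        if ($props.PSObject.Properties['RestrictSendingNTLMTraffic']) {
            $raw = [int]$props.RestrictSendingNTLMTraffic
        }
        # Servers exempted from a "Deny all" setting still receive NTLM.
        if ($props.PSObject.Properties['ClientAllowedNTLMServers']) {
            $exceptions = @($props.ClientAllowedNTLMServers | Where-Object { $_ })
        }
    }

    if ($null -eq $raw) {
        $state = 'Not configured (Windows treats this as Allow all)'
    } elseif ($meaning.ContainsKey($raw)) {
        $state = $meaning[$raw]
    } else {
        $state = "Unrecognized value $raw"
    }

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        Setting             = $state
        OutboundNtlmBlocked = ($raw -eq 2)
        ServerExceptions    = $exceptions
    }
}

Get-OutboundNtlmPolicy | Format-List
```

Only `Deny all` stops the host from sending NTLM authentication to a remote server; `Audit all` logs the attempts without blocking them, which is the usual first step before enforcing, since legitimate services may still depend on NTLM.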