When Encryption Isn't Really Encryption
Security Boulevard, Thursday, May 28th, 2026
During a recent network security assessment, we were working on an environment that was well-hardened - Patching was current, password policies were strong, and network segmentation was in place. So, as part of our enumeration of all network assets, we started looking for default credentials and this led us to multiple Canon enterprise printers configured with default administrator credentials.
Enterprise printers are an interesting attack surface because it is common practice to have them configured with domain credentials. So, with administrative access, we tried to execute auth-back attacks by modifying the printer's configuration to point to our server for credential capture or relay. However, network segmentation controls blocked this attack, as outbound controls prevented traffic from reaching our attacker-controlled subnet.