Vasion Print OAUTH Security Bypass Vulnerability
Vulnerability
An OAUTH security bypass vulnerability has been identified in Vasion Print (formerly PrinterLogic) versions prior to Virtual Appliance Host 22.0.843 and Application 20.0.1923. This vulnerability allows an authenticated user to impersonate another user by using valid OAUTH credentials, specifically to access and manage print jobs of the impersonated user. The issue was discovered during a security assessment and has been reported to Vasion by Pierre Barre.
Impact
Exploitation of this vulnerability allows for unauthorized access to another user's print jobs, with the ability to release them early or redirect them to a different printer. However, it does not provide access to the digital contents of the print jobs or information about current or previously printed jobs.
Remediation
Vasion Print has released a patch for this vulnerability in Virtual Appliance Host 22.0.843 and Application 20.0.1923. Users can update to these versions to address the vulnerability.
