OpenPrinting CUPS Authentication Bypass Vulnerability in Non-Basic Auth Types

Vulnerability

An authentication bypass vulnerability has been identified in OpenPrinting CUPS versions prior to 2.4.13. When the 'AuthType' is set to anything other than 'Basic', CUPS fails to validate passwords if the request includes an 'Authorization: Basic' header. This issue arises because the password check is skipped for non-Basic authentication types, allowing unauthorized access. The vulnerability affects any configuration that permits an 'AuthType' other than 'Basic'.

Impact

Exploitation of this vulnerability allows for authentication bypass, potentially granting unauthorized users access to administrative functions or privileges.

Reproduction

To reproduce this vulnerability, configure CUPS to use 'DefaultAuthType Negotiate' and start the CUPS service. Then, send a request to the CUPS server with an 'Authorization: Basic' header containing base64-encoded credentials for an administrator account. The server will accept the request without verifying the password, bypassing authentication.

Remediation

Users can upgrade to CUPS version 2.4.13 or later, where this vulnerability has been fixed.
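As an added example that is not part of this advisory or of the CUPS project, the following script gives a defender a quick exposure check: it parses a cupsd.conf excerpt for 'AuthType' and 'DefaultAuthType' directives, resolves 'AuthType Default' to the configured default (assumed to be 'Basic' when the directive is absent, as in stock CUPS), and reports whether a host is exposed, i.e. running a version before 2.4.13 with any non-Basic authentication type in force. The sample configuration is constructed for the example.

```python
import re

# First version in which the advisory says the bypass is fixed.
FIXED_VERSION = (2, 4, 13)

# Constructed cupsd.conf excerpt mirroring the advisory's reproduction setup.
SAMPLE_CONF = """\
# constructed example configuration
DefaultAuthType Negotiate
<Location /admin>
  AuthType Default
  Require user @SYSTEM
</Location>
"""


def parse_version(version: str) -> tuple:
    """Turn a CUPS version string such as '2.4.12' into a comparable tuple."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(p or 0) for p in m.groups())


def effective_auth_types(conf_text: str) -> set:
    """Return every AuthType value in force, with 'Default' resolved.

    Assumption: when DefaultAuthType is not set, CUPS falls back to Basic.
    The DefaultAuthType itself is always included, since policies and
    locations without an explicit AuthType inherit it."""
    default = "Basic"
    explicit = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        m = re.match(r"(DefaultAuthType|AuthType)\s+(\S+)", line, re.IGNORECASE)
        if not m:
            continue
        if m.group(1).lower() == "defaultauthtype":
            default = m.group(2)
        else:
            explicit.append(m.group(2))
    return {default} | {default if v.lower() == "default" else v for v in explicit}


def is_exposed(conf_text: str, version: str) -> dict:
    """Exposed only if the version predates the fix AND a non-Basic type is in use."""
    non_basic = sorted(t for t in effective_auth_types(conf_text) if t.lower() != "basic")
    exposed = parse_version(version) < FIXED_VERSION and bool(non_basic)
    return {"version": version, "non_basic_auth_types": non_basic, "exposed": exposed}


if __name__ == "__main__":
    print(is_exposed(SAMPLE_CONF, "2.4.12"))
```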

Added: Sep 11, 2025, 6:56 PM
Updated: Sep 11, 2025, 6:56 PM

Vulnerability Rating

Custom Algorithm

spread: 6.8
impact: 5.0
exploitability: 9.1
remediation: 7.7
relevance: 0.5
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.