Primary

Context

Doxense Watchdoc User Impersonation Vulnerability via Predictable PUK Codes

Vulnerability

A vulnerability in Doxense Watchdoc versions prior to 6.1.0.5094 allows for user impersonation through the use of private user PUK codes. This issue arises for Active Directory registered users, as the PUK codes are generated using a predictable algorithm, creating a risk of unauthorized access to user print queues and scanning capabilities.

Impact

Exploitation of this vulnerability could lead to unauthorized user impersonation, allowing an attacker to access and manipulate the print queue and scanning functions of the impersonated user.

Remediation

Users can update to Doxense Watchdoc version 6.1.1 or later. For those on a version prior to 6.0, Doxense no longer provides support, and users should contact their Doxense partner or representative.

Added: Sep 26, 2025, 4:19 PM

Updated: Sep 26, 2025, 4:19 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

4.7

remediation

0.0

relevance

0.6

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

4.7

remediation

0.0

relevance

0.6

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Doxense Watchdoc User Impersonation Vulnerability via Predictable PUK Codes

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating