PaperCut Print Deploy Man-in-the-Middle Vulnerability Due to SSL Misconfiguration

Vulnerability

A vulnerability in PaperCut Print Deploy, an optional component for PaperCut NG/MF that streamlines printer management, allows for man-in-the-middle attacks. This issue arises when users configure the system to use self-signed certificates without properly setting up the trust database on client devices. As a result, communication between clients and the Print Deploy server can be intercepted. The vulnerability affects Print Deploy versions prior to 1.9.2917, released on July 7, 2025, and is likely a result of inadequate documentation regarding SSL certificate validation in earlier versions.

Impact

Exploitation of this vulnerability could lead to man-in-the-middle attacks, allowing an attacker to intercept and potentially alter communications between clients and the Print Deploy server.

Remediation

Users should follow the updated instructions in the PaperCut Print Deploy documentation to ensure proper SSL configuration. This includes adding self-signed certificates to the operating system's trust store and the Java key store. After updating to Print Deploy version 1.9.2917 or later, users should specify 'STRICT_SSL=yes' on the installer command line to automatically apply the necessary changes for enforcing certificate validation.

Added: Sep 3, 2025, 5:19 AM
Updated: Sep 3, 2025, 6:46 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 6.0
remediation: 0.0
relevance: 0.4
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.