Service:
Protocol:
TCP/UDPPort:
631Used for:
Port 631 is used by the Internet Printing Protocol (IPP) to send and manage print jobs over IP networks.Why It’s Open
Port 631 is used by the Internet Printing Protocol (IPP), a network printing protocol that enables users to send print jobs and manage printers over IP networks. It supports advanced features like querying printer status, canceling jobs, and securing communication with TLS. IPP is the backbone of CUPS (Common UNIX Printing System), which is widely used on Linux, macOS, and some Windows systems.
Port 631 is often open on print servers, endpoint devices acting as shared printers, or embedded network printers. While IPP can operate securely over HTTPS, many environments still run it in plaintext or with default configurations that lack authentication.
Common Risks
- Unauthenticated Printing or Admin Access
Misconfigured printers may allow unauthenticated users to submit jobs or change settings. - Information Disclosure
Banner info or printer details can reveal usernames, OS types, or print job metadata. - Exposed Print Queues
Some IPP servers expose active job lists or logs, which may contain sensitive filenames or document titles. - Default Credentials or Weak Access Controls
Embedded printers and print servers often lack strong authentication, especially in internal networks. - Denial of Service (DoS)
Attackers may flood the print queue or exploit IPP vulnerabilities to crash the service.
Want to save time on reporting?
Let PentestPad generate, track, and export your reports - automatically.
Enumeration & Testing
Check if it’s open
nmap -sT -p 631Service detection:
nmap -sV -p 631View exposed print queue with curl:
curl -v http://:631/printers/Scan with ippfind (from CUPS):
ippfindWhat to Look For
| Checkpoint | What it means |
|---|---|
| Port 631 open to the internet | Printer service is publicly accessible — high risk |
| No authentication or TLS | Print jobs and metadata can be intercepted or manipulated |
| Exposes printer/job details | May leak usernames, document names, or internal resources |
| Uses default credentials | Devices may be easily taken over or tampered with |
Mitigation
- Restrict Access to Port 631
Only allow trusted internal hosts; block external access at the perimeter. - Enforce Authentication and Encryption
Enable TLS (IPP over HTTPS) and require authentication for submitting jobs or accessing printer settings. - Disable Unused Print Services
If IPP isn’t needed, disable it on workstations, servers, and embedded devices. - Audit Printer Configurations
Regularly review settings for open queues, anonymous access, or default passwords. - Isolate Printers and Print Servers
Place them on separate VLANs to reduce risk of lateral movement or abuse.
Known CVEs and Exploits
- CVE-2023-32324 – Buffer overflow in CUPS IPP parser.
- CVE-2020-10001 – Unauthenticated access to printer logs and job details in CUPS.
- CVE-2019-2224 – IPP service DoS vulnerability in Android print spooler.
- Exploit – IPP Print Job Overflow (EDB-41023) – CUPS DoS via malformed print job.