Vulners
Lucene search
TSPlus 16.0.0.0 Insecure Credential Storage
🗓️ 22 Aug 2023 00:00:00Reported by Carlo Di DatoType 
packetstorm🔗 packetstormsecurity.com👁 306 Views
| Reporter | Title | Published | Views | Family All 16 |
|---|---|---|---|---|
 | TSPlus 16.0.0.0 - Remote Work Insecure Credential storage Vulnerability | 21 Aug 202300:00 | – | zdt |
 | CVE-2023-27132 | 17 Oct 202316:15 | – | attackerkb |
| CVE-2023-31069 | 11 Sep 202319:15 | – | attackerkb |
 | CVE-2023-31069 | 11 Sep 202322:27 | – | circl |
 | TSplus 安全漏洞 | 21 Aug 202300:00 | – | cnnvd |
 | CVE-2023-31069 | 11 Sep 202300:00 | – | cve |
 | CVE-2023-31069 | 11 Sep 202300:00 | – | cvelist |
 | TSPlus 16.0.0.0 - Remote Work Insecure Credential storage | 21 Aug 202300:00 | – | exploitdb |
 | EUVD-2023-35398 | 3 Oct 202520:07 | – | euvd |
 | CVE-2023-31069 | 11 Sep 202319:15 | – | nvd |
10
`# Exploit Title: TSPlus 16.0.0.0 - Remote Work Insecure Credential storage
# Date: 2023-08-09
# Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia
# Vendor Homepage: https://tsplus.net/
# Version: Up to 16.0.0.0
# Tested on: Windows
# CVE : CVE-2023-31069
With TSPlus Remote Work (v. 16.0.0.0) you can create a secure single
sign-on web portal and remote desktop gateway that enables users to
remotely access the console session of their office PC.
It is possible to create a custom web portal login page which allows a
user to login without providing their credentials.
However, the credentials are stored in an insecure manner since they are
saved in cleartext, within the html login page.
This means that everyone with an access to the web login page, can
easely retrieve the credentials to access to the application by simply
looking at the html code page.
This is a code snippet extracted by the source code of the login page
(var user and var pass):
// --------------- Access Configuration ---------------
var user = "Admin"; // Login to use when
connecting to the remote server (leave "" to use the login typed in this
page)
var pass = "SuperSecretPassword"; // Password to use when
connecting to the remote server (leave "" to use the password typed in
this page)
var domain = ""; // Domain to use when
connecting to the remote server (leave "" to use the domain typed in
this page)
var server = "127.0.0.1"; // Server to connect to
(leave "" to use localhost and/or the server chosen in this page)
var port = ""; // Port to connect to
(leave "" to use localhost and/or the port of the server chosen in this
page)
var lang = "as_browser"; // Language to use
var serverhtml5 = "127.0.0.1"; // Server to connect to,
when using HTML5 client
var porthtml5 = "3389"; // Port to connect to,
when using HTML5 client
var cmdline = ""; // Optional text that will
be put in the server's clipboard once connected
// --------------- End of Access Configuration ---------------
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
22 Aug 2023 00:00Current
7.1High risk
Vulners AI Score7.1
EPSS0.01135