Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormCarlo Di DatoPACKETSTORM:174271
HistoryAug 22, 2023 - 12:00 a.m.

TSPlus 16.0.0.0 Insecure Credential Storage

2023-08-2200:00:00
Carlo Di Dato
packetstormsecurity.com
176
remote work
insecure storage
remote access
cleartext storage
html page
access configuration
cve-2023-31069

EPSS

0.014

Percentile

86.7%

JSON
`# Exploit Title: TSPlus 16.0.0.0 - Remote Work Insecure Credential storage  
# Date: 2023-08-09  
# Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia  
# Vendor Homepage: https://tsplus.net/  
# Version: Up to 16.0.0.0  
# Tested on: Windows  
# CVE : CVE-2023-31069  
  
With TSPlus Remote Work (v. 16.0.0.0) you can create a secure single   
sign-on web portal and remote desktop gateway that enables users to   
remotely access the console session of their office PC.  
It is possible to create a custom web portal login page which allows a   
user to login without providing their credentials.  
However, the credentials are stored in an insecure manner since they are   
saved in cleartext, within the html login page.  
This means that everyone with an access to the web login page, can   
easely retrieve the credentials to access to the application by simply   
looking at the html code page.  
  
This is a code snippet extracted by the source code of the login page   
(var user and var pass):  
  
// --------------- Access Configuration ---------------  
var user = "Admin"; // Login to use when   
connecting to the remote server (leave "" to use the login typed in this   
page)  
var pass = "SuperSecretPassword"; // Password to use when   
connecting to the remote server (leave "" to use the password typed in   
this page)  
var domain = ""; // Domain to use when   
connecting to the remote server (leave "" to use the domain typed in   
this page)  
var server = "127.0.0.1"; // Server to connect to   
(leave "" to use localhost and/or the server chosen in this page)  
var port = ""; // Port to connect to   
(leave "" to use localhost and/or the port of the server chosen in this   
page)  
var lang = "as_browser"; // Language to use  
var serverhtml5 = "127.0.0.1"; // Server to connect to,   
when using HTML5 client  
var porthtml5 = "3389"; // Port to connect to,   
when using HTML5 client  
var cmdline = ""; // Optional text that will   
be put in the server's clipboard once connected  
// --------------- End of Access Configuration ---------------  
  
`

Related

prion 2
cvelist 2
nvd 2
cve 2
zdt 1
vulnrichment 2
exploitdb 1
prion
prion
Design/Logic Flaw
2023-09-11 19:15:00
Default credentials
2023-10-17 16:15:00
cvelist
cvelist
CVE-2023-31069
2023-09-11 00:00:00
CVE-2023-27132
2023-10-17 00:00:00
nvd
nvd
CVE-2023-31069
2023-09-11 19:15:41
CVE-2023-27132
2023-10-17 16:15:09
cve
cve
CVE-2023-31069
2023-09-11 19:15:41
CVE-2023-27132
2023-10-17 16:15:09
zdt
zdt
TSPlus 16.0.0.0 - Remote Work Insecure Credential storage Vulnerability
2023-08-21 00:00:00
vulnrichment
vulnrichment
CVE-2023-31069
2023-09-11 00:00:00
CVE-2023-27132
2023-10-17 00:00:00
exploitdb
exploitdb
TSPlus 16.0.0.0 - Remote Work Insecure Credential storage
2023-08-21 00:00:00

EPSS

0.014

Percentile

86.7%

JSON
Related for PACKETSTORM:174271
prion2cvelist2nvd2cve2zdt1vulnrichment2exploitdb1