CVE-2023-27132

The CVE-2023-27132 entry targets TSplus Remote Work: version 16.0.0.0 stores a cleartext password on the var pass line of the HTML source code for the secure single sign-on web portal. Connected sources corroborate that credentials are stored in plaintext within the HTML of the login page (e.g., ...

CVE-2023-27133

The CVE-2023-27133 entry affects TSplus Remote Work 16.0.0.0, reporting weak permissions for .exe, .js, and .html files under %PROGRAMFILES(X86)%\TSplus-RemoteWork\Clients\www. These permissions could allow privilege escalation if a different local user modifies a file. Red Hat and PTSecurity sou...

CVE-2023-31069

TSplus Remote Access (up to version 16.0.2.14) contains a credential exposure in which passwords are stored as cleartext in the HTML source of the login page. This is documented across multiple sources (NVD/Red Hat/PRION entries) and confirms the root cause is cleartext credential storage on the ...

CVE-2023-31068

TSplus Remote Access up to 16.0.2.14 has overly permissive ACLs: Full Control for Everyone on directories under %PROGRAMFILES(X86)%\TSplus\UserDesktop\themes. CVSSv3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (base 9.8). Root cause is insecure directory permissions; no remediation details are provide...