Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-27132: TSPlus 16.0.0.0 Insecure Credential Storage ≈ Packet Storm

TSplus Remote Work 16.0.0.0 places a cleartext password on the “var pass” line of the HTML source code for the secure single sign-on web portal. NOTE: CVE-2023-31069 is only about the TSplus Remote Access product, not the TSplus Remote Work product.

CVE
Open in Source
#web#windows#auth
# Exploit Title: TSPlus 16.0.0.0 - Remote Work Insecure Credential storage# Date: 2023-08-09# Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia# Vendor Homepage: https://tsplus.net/# Version: Up to 16.0.0.0# Tested on: Windows# CVE : CVE-2023-31069With TSPlus Remote Work (v. 16.0.0.0) you can create a secure single sign-on web portal and remote desktop gateway that enables users to remotely access the console session of their office PC.It is possible to create a custom web portal login page which allows a user to login without providing their credentials.However, the credentials are stored in an insecure manner since they are saved in cleartext, within the html login page.This means that everyone with an access to the web login page, can easely retrieve the credentials to access to the application by simply looking at the html code page.This is a code snippet extracted by the source code of the login page (var user and var pass):   // --------------- Access Configuration ---------------   var user = "Admin";                         // Login to use when connecting to the remote server (leave "" to use the login typed in this page)   var pass = "SuperSecretPassword";           // Password to use when connecting to the remote server (leave "" to use the password typed in this page)   var domain = "";                            // Domain to use when connecting to the remote server (leave "" to use the domain typed in this page)   var server = "127.0.0.1";                   // Server to connect to (leave "" to use localhost and/or the server chosen in this page)   var port = "";                              // Port to connect to (leave "" to use localhost and/or the port of the server chosen in this page)   var lang = "as_browser";                    // Language to use   var serverhtml5 = "127.0.0.1";              // Server to connect to, when using HTML5 client   var porthtml5 = "3389";                     // Port to connect to, when using HTML5 client   var cmdline = "";                           // Optional text that will be put in the server's clipboard once connected   // --------------- End of Access Configuration ---------------

Related news

CVE-2023-31069: TSPlus 16.0.0.0 Insecure Credential Storage ≈ Packet Storm

An issue was discovered in TSplus Remote Access through 16.0.2.14. Credentials are stored as cleartext within the HTML source code of the login page.

TSPlus 16.0.0.0 Insecure Credential Storage

TSPlus version 16.0.0.0 suffers from an insecure credential storage vulnerability.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE