Headline
TSPlus 16.0.2.14 Insecure Permissions
TSPlus version 16.0.2.14 suffers from an insecure permissions vulnerability.
# Exploit Title: TSplus 16.0.2.14 - Remote Access Insecure Files and Folders Permissions# Date: 2023-08-09# Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia# Vendor Homepage: https://tsplus.net/# Version: Up to 16.0.2.14# Tested on: Windows# CVE : CVE-2023-31067TSplus Remote Access (v. 16.0.2.14) is an alternative to Citrix and Microsoft RDS for remote desktop access and Windows application delivery. Web-enable your legacy apps, create SaaS solutions or remotely access your centralized corporate tools and files.The TSplus Remote Access solution comes with an embedded web server to allow remote users to easely connect remotely.However, insecure file and folder permissions are set and this could allow a malicious user to manipulate file content (e.g.: changing the code of html pages or js scripts) or change legitimate files (e.g. Setup-VirtualPrinter-Client.exe) in order to compromise a system or to gain elevated privileges.This is the list of insecure files and folders with their respective permissions:Everyone:(OI)(CF)(F) and Everyone(F)Permission: Everyone:(OI)(CI)(F)C:\Program Files (x86)\TSplus\Clients\wwwC:\Program Files (x86)\TSplus\Clients\www\addonsC:\Program Files (x86)\TSplus\Clients\www\ConnectionClientC:\Program Files (x86)\TSplus\Clients\www\downloadsC:\Program Files (x86)\TSplus\Clients\www\printsC:\Program Files (x86)\TSplus\Clients\www\RemoteAppClientC:\Program Files (x86)\TSplus\Clients\www\softwareC:\Program Files (x86)\TSplus\Clients\www\varC:\Program Files (x86)\TSplus\Clients\www\cgi-bin\remoteappC:\Program Files (x86)\TSplus\Clients\www\downloads\sharedC:\Program Files (x86)\TSplus\Clients\www\software\javaC:\Program Files (x86)\TSplus\Clients\www\software\jsC:\Program Files (x86)\TSplus\Clients\www\software\html5\jwresC:\Program Files (x86)\TSplus\Clients\www\software\html5\localesC:\Program Files (x86)\TSplus\Clients\www\software\html5\imgs\topmenuC:\Program Files (x86)\TSplus\Clients\www\software\html5\imgs\key\partsC:\Program Files (x86)\TSplus\Clients\www\software\java\imgC:\Program Files (x86)\TSplus\Clients\www\software\java\thirdC:\Program Files (x86)\TSplus\Clients\www\software\java\img\cpC:\Program Files (x86)\TSplus\Clients\www\software\java\img\srvC:\Program Files (x86)\TSplus\Clients\www\software\java\third\imagesC:\Program Files (x86)\TSplus\Clients\www\software\java\third\jsC:\Program Files (x86)\TSplus\Clients\www\software\java\third\images\bramusC:\Program Files (x86)\TSplus\Clients\www\software\java\third\js\prototypeC:\Program Files (x86)\TSplus\Clients\www\var\logC:\Program Files (x86)\TSplus\UserDesktop\themesC:\Program Files (x86)\TSplus\UserDesktop\themes\BlueBarC:\Program Files (x86)\TSplus\UserDesktop\themes\DefaultC:\Program Files (x86)\TSplus\UserDesktop\themes\GreyBarC:\Program Files (x86)\TSplus\UserDesktop\themes\LogonC:\Program Files (x86)\TSplus\UserDesktop\themes\MenuOnTopC:\Program Files (x86)\TSplus\UserDesktop\themes\SeamlessC:\Program Files (x86)\TSplus\UserDesktop\themes\ThinClientC:\Program Files (x86)\TSplus\UserDesktop\themes\Vista------------------------------------------------------------------------------Permission: Everyone:(F)C:\Program Files (x86)\TSplus\Clients\www\all.min.cssC:\Program Files (x86)\TSplus\Clients\www\custom.cssC:\Program Files (x86)\TSplus\Clients\www\popins.cssC:\Program Files (x86)\TSplus\Clients\www\robots.txtC:\Program Files (x86)\TSplus\Clients\www\addons\Setup-VirtualPrinter-Client.exeC:\Program Files (x86)\TSplus\Clients\www\cgi-bin\hb.exe.configC:\Program Files (x86)\TSplus\Clients\www\cgi-bin\SessionPrelaunch.Common.dll.configC:\Program Files (x86)\TSplus\Clients\www\cgi-bin\remoteapp\index.htmlC:\Program Files (x86)\TSplus\Clients\www\RemoteAppClient\index.htmlC:\Program Files (x86)\TSplus\Clients\www\software\common.cssC:\Program Files (x86)\TSplus\Clients\www\software\html5\jwres\jwwebsockify.jarC:\Program Files (x86)\TSplus\Clients\www\software\html5\jwres\web.jarC:\Program Files (x86)\TSplus\Clients\www\software\html5\own\exitlist.htmlC:\Program Files (x86)\TSplus\Clients\www\software\html5\own\exitupload.htmlC:\Program Files (x86)\TSplus\Clients\www\software\html5\own\getlist.htmlC:\Program Files (x86)\TSplus\Clients\www\software\html5\own\getupload.htmlC:\Program Files (x86)\TSplus\Clients\www\software\html5\own\postupload.htmlC:\Program Files (x86)\TSplus\Clients\www\software\html5\own\uploaderr.htmlC:\Program Files (x86)\TSplus\Clients\www\software\java\index.htmlC:\Program Files (x86)\TSplus\Clients\www\software\java\img\index.htmlC:\Program Files (x86)\TSplus\Clients\www\software\java\img\port.binC:\Program Files (x86)\TSplus\Clients\www\software\java\third\jws.jsC:\Program Files (x86)\TSplus\Clients\www\software\java\third\sha256.jsC:\Program Files (x86)\TSplus\Clients\www\software\java\third\js\prototype\prototype.jsC:\Program Files (x86)\TSplus\Clients\www\software\js\jquery.min.jsRelated news
CVE-2023-31067: OffSec’s Exploit Database Archive
An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Everyone on some directories under %PROGRAMFILES(X86)%\TSplus\Clients\www.