TSPlus 16.0.0.0 Insecure Credential Storage

TSPlus 16.0.0.0 Insecure Credential Storage: Posted Aug 22, 2023; Authored by Carlo Di Dato; TSPlus version 16.0.0.0 suffers from an insecure credential storage vulnerability.; tags | exploit; advisories | CVE-2023-31069; SHA-256 | 215f20ce0fd7976f257c178193251dfef5d9ab1191d503a59cbdd146d251811d; Download | Favorite | View

TSPlus 16.0.0.0 Insecure Credential Storage

# Exploit Title: TSPlus 16.0.0.0 - Remote Work Insecure Credential storage
# Date: 2023-08-09
# Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia
# Vendor Homepage: https://tsplus.net/
# Version: Up to 16.0.0.0
# Tested on: Windows
# CVE : CVE-2023-31069

With TSPlus Remote Work (v. 16.0.0.0) you can create a secure single 
sign-on web portal and remote desktop gateway that enables users to 
remotely access the console session of their office PC.
It is possible to create a custom web portal login page which allows a 
user to login without providing their credentials.
However, the credentials are stored in an insecure manner since they are 
saved in cleartext, within the html login page.
This means that everyone with an access to the web login page, can 
easely retrieve the credentials to access to the application by simply 
looking at the html code page.

This is a code snippet extracted by the source code of the login page 
(var user and var pass):

   // --------------- Access Configuration ---------------
   var user = "Admin";                         // Login to use when 
connecting to the remote server (leave "" to use the login typed in this 
page)
   var pass = "SuperSecretPassword";           // Password to use when 
connecting to the remote server (leave "" to use the password typed in 
this page)
   var domain = "";                            // Domain to use when 
connecting to the remote server (leave "" to use the domain typed in 
this page)
   var server = "127.0.0.1";                   // Server to connect to 
(leave "" to use localhost and/or the server chosen in this page)
   var port = "";                              // Port to connect to 
(leave "" to use localhost and/or the port of the server chosen in this 
page)
   var lang = "as_browser";                    // Language to use
   var serverhtml5 = "127.0.0.1";              // Server to connect to, 
when using HTML5 client
   var porthtml5 = "3389";                     // Port to connect to, 
when using HTML5 client
   var cmdline = "";                           // Optional text that will 
be put in the server's clipboard once connected
   // --------------- End of Access Configuration ---------------

Top Authors In Last 30 Days

Red Hat 295 files
Ubuntu 58 files
Debian 33 files
Gentoo 32 files
LiquidWorm 10 files
Apple 9 files
malvuln 6 files
Adam Gowdiak 4 files
nu11secur1ty 4 files
Ahmet Umit Bayram 4 files

File Archives

Systems

AIX (429)
Apple (2,087)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,042)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,499)
HPUX (880)
iOS (375)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,598)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,755)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,493)
UNIX (9,400)
UnixWare (187)
Windows (6,659)
Other

TSPlus 16.0.0.0 Insecure Credential Storage

TSPlus 16.0.0.0 Insecure Credential Storage

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

TSPlus 16.0.0.0 Insecure Credential Storage

Share This

TSPlus 16.0.0.0 Insecure Credential Storage

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems