cbcvebase.
CVE-2023-31069
published 2023-09-11

CVE-2023-31069: An issue was discovered in TSplus Remote Access through 16.0.2.14. Credentials are stored as cleartext within the HTML source code of the login page.

PriorityP262critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
1.93%
77.5th percentile
An issue was discovered in TSplus Remote Access through 16.0.2.14. Credentials are stored as cleartext within the HTML source code of the login page.

Affected

1 ranges
VendorProductVersion rangeFixed in
tsplustsplus_remote_work<= 16.0.0.0

Detection & IOCsextracted from sources · hover to see the quote

port3389
  • Credentials (username and password) are stored in cleartext JavaScript variables `var user` and `var pass` embedded directly in the HTML source of the TSplus login page. Inspect the login page source for these variable assignments to confirm exposure.
  • The vulnerability affects TSplus Remote Access through version 16.0.2.14 / TSplus Remote Work up to 16.0.0.0. Identify assets running these versions as high-priority targets for credential harvesting via unauthenticated access to the login page HTML.
  • ·Credential exposure only occurs when the TSplus administrator has pre-configured the login page with hardcoded credentials (i.e., `var user` and `var pass` are set to non-empty values). If left as empty strings `""`, no credentials are exposed in the page source.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.