CVE-2023-31069
published 2023-09-11CVE-2023-31069: An issue was discovered in TSplus Remote Access through 16.0.2.14. Credentials are stored as cleartext within the HTML source code of the login page.
PriorityP262critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
1.93%
77.5th percentile
An issue was discovered in TSplus Remote Access through 16.0.2.14. Credentials are stored as cleartext within the HTML source code of the login page.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tsplus | tsplus_remote_work | <= 16.0.0.0 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Credentials (username and password) are stored in cleartext JavaScript variables `var user` and `var pass` embedded directly in the HTML source of the TSplus login page. Inspect the login page source for these variable assignments to confirm exposure. ↗
- →The vulnerability affects TSplus Remote Access through version 16.0.2.14 / TSplus Remote Work up to 16.0.0.0. Identify assets running these versions as high-priority targets for credential harvesting via unauthenticated access to the login page HTML. ↗
- ·Credential exposure only occurs when the TSplus administrator has pre-configured the login page with hardcoded credentials (i.e., `var user` and `var pass` are set to non-empty values). If left as empty strings `""`, no credentials are exposed in the page source. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-8c9g-7c4g-j7x7: TSplus Remote Work 16
ghsa_unreviewed·2023-10-17·CVSS 9.8
CVE-2023-27132 [CRITICAL] CWE-522 GHSA-8c9g-7c4g-j7x7: TSplus Remote Work 16
TSplus Remote Work 16.0.0.0 places a cleartext password on the "var pass" line of the HTML source code for the secure single sign-on web portal. NOTE: CVE-2023-31069 is only about the TSplus Remote Access product, not the TSplus Remote Work product.
GHSA
GHSA-xcff-9rfc-c4h6: An issue was discovered in TSplus Remote Access through 16
ghsa_unreviewed·2023-09-11
CVE-2023-31069 [CRITICAL] CWE-312 GHSA-xcff-9rfc-c4h6: An issue was discovered in TSplus Remote Access through 16
An issue was discovered in TSplus Remote Access through 16.0.2.14. Credentials are stored as cleartext within the HTML source code of the login page.
No detection rules found.
No writeups or analysis indexed.
2023-09-11
Published