TSPlus 16.0.0.0 Insecure Permissions

TSPlus 16.0.0.0 Insecure Permissions: Posted Aug 22, 2023; Authored by Carlo Di Dato; TSPlus version 16.0.0.0 suffers from an insecure permissions vulnerability.; tags | exploit; advisories | CVE-2023-31068; SHA-256 | 06f5da798bc1734c99952dd5665f7fc882b0e8d1c219d8e327e08d2824444cbb; Download | Favorite | View

TSPlus 16.0.0.0 Insecure Permissions

# Exploit Title: TSplus 16.0.0.0 - Remote Work Insecure Files and Folders Permissions
# Date: 2023-08-09
# Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia
# Vendor Homepage: https://tsplus.net/
# Version: Up to 16.0.0.0
# Tested on: Windows
# CVE : CVE-2023-31068

With TSPlus Remote Work (v. 16.0.0.0) you can create a secure single 
sign-on web portal and remote desktop gateway that enables users to 
remotely access the console session of their office PC.
The solution comes with an embedded web server to allow remote users to 
easely connect remotely.
However, insecure file and folder permissions are set, and this could 
allow a malicious user to manipulate file content (e.g.: changing the 
code of html pages or js scripts) or change legitimate files (e.g. 
Setup-RemoteWork-Client.exe) in order to compromise a system or to gain 
elevated privileges.

This is the list of insecure files and folders with their respective 
permissions:

Permission: Everyone:(OI)(CI)(F)

C:\Program Files (x86)\TSplus-RemoteWork\Clients\www
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\cgi-bin
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\download
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\downloads
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\prints
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\var
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\cgi-bin\remoteapp
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\downloads\shared
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\html5
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\java
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\js
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\html5\imgs
C:\Program Files 
(x86)\TSplus-RemoteWork\Clients\www\software\html5\jwres
C:\Program Files 
(x86)\TSplus-RemoteWork\Clients\www\software\html5\locales
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\html5\own
C:\Program Files 
(x86)\TSplus-RemoteWork\Clients\www\software\html5\imgs\des
C:\Program Files 
(x86)\TSplus-RemoteWork\Clients\www\software\html5\imgs\key
C:\Program Files 
(x86)\TSplus-RemoteWork\Clients\www\software\html5\imgs\topmenu
C:\Program Files 
(x86)\TSplus-RemoteWork\Clients\www\software\html5\imgs\key\parts
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\java\img
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\java\third
C:\Program Files 
(x86)\TSplus-RemoteWork\Clients\www\software\java\img\cp
C:\Program Files 
(x86)\TSplus-RemoteWork\Clients\www\software\java\img\srv
C:\Program Files 
(x86)\TSplus-RemoteWork\Clients\www\software\java\third\images
C:\Program Files 
(x86)\TSplus-RemoteWork\Clients\www\software\java\third\js
C:\Program Files 
(x86)\TSplus-RemoteWork\Clients\www\software\java\third\images\bramus
C:\Program Files 
(x86)\TSplus-RemoteWork\Clients\www\software\java\third\js\prototype
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\var\log

-------------------------------------------------------------------------------------------

Permission: Everyone:(F)

C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\robots.txt
C:\Program Files 
(x86)\TSplus-RemoteWork\Clients\www\cgi-bin\hb.exe.config
C:\Program Files 
(x86)\TSplus-RemoteWork\Clients\www\cgi-bin\SessionPrelaunch.Common.dll.config
C:\Program Files 
(x86)\TSplus-RemoteWork\Clients\www\cgi-bin\remoteapp\index.html
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\download\common.js
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\download\lang.js
C:\Program Files 
(x86)\TSplus-RemoteWork\Clients\www\download\Setup-RemoteWork-Client.exe
C:\Program Files 
(x86)\TSplus-RemoteWork\Clients\www\software\html5\jwres\jwwebsockify.jar
C:\Program Files 
(x86)\TSplus-RemoteWork\Clients\www\software\html5\jwres\web.jar
C:\Program Files 
(x86)\TSplus-RemoteWork\Clients\www\software\html5\own\exitlist.html
C:\Program Files 
(x86)\TSplus-RemoteWork\Clients\www\software\html5\own\exitupload.html
C:\Program Files 
(x86)\TSplus-RemoteWork\Clients\www\software\java\index.html
C:\Program Files 
(x86)\TSplus-RemoteWork\Clients\www\software\java\img\index.html
C:\Program Files 
(x86)\TSplus-RemoteWork\Clients\www\software\java\img\port.bin
C:\Program Files 
(x86)\TSplus-RemoteWork\Clients\www\software\java\third\jws.js
C:\Program Files 
(x86)\TSplus-RemoteWork\Clients\www\software\java\third\sha256.js
C:\Program Files 
(x86)\TSplus-RemoteWork\Clients\www\software\java\third\js\prototype\prototype.js
C:\Program Files 
(x86)\TSplus-RemoteWork\Clients\www\software\js\jquery.min.js

Top Authors In Last 30 Days

Red Hat 246 files
Ubuntu 54 files
Gentoo 33 files
Debian 23 files
Apple 9 files
malvuln 7 files
Jann Horn 4 files
Ahmet Umit Bayram 4 files
nu11secur1ty 4 files
Google Security Research 4 files

File Archives

Systems

AIX (429)
Apple (2,088)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,048)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,500)
HPUX (880)
iOS (375)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,846)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,952)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,535)
UNIX (9,409)
UnixWare (187)
Windows (6,660)
Other

TSPlus 16.0.0.0 Insecure Permissions

TSPlus 16.0.0.0 Insecure Permissions

File Archive:

June 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

TSPlus 16.0.0.0 Insecure Permissions

Share This

TSPlus 16.0.0.0 Insecure Permissions

File Archive:

June 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems