Access to TSplus Remote Access Admin Tool is restricted to administrators (unless Disable UAC option is enabled) and requires a PIN code. In versions below v18.40.6.17 the PINs hash is stored in a system registry accessible to regular users, making it possible to perform a brute-force attack using rainbow tables, since the hash is not salted. LTS (Long-Term Support) versions also received patches in v17.2025.6.27 and v16.2025.6.27 releases.
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.