CVE Vulnerabilities

CVE-2025-5922

Insufficiently Protected Credentials

Published: Jul 29, 2025 | Modified: Jul 29, 2025
CVSS 3.x: N/A (Source: NVD)

Access to the TSplus Remote Access Admin Tool is restricted to administrators (unless the "Disable UAC" option is enabled) and requires a PIN code. In versions below v18.40.6.17, the PIN's hash is stored in the system registry, where it is accessible to regular users. Because the hash is not salted, this makes it possible to perform a brute-force attack using rainbow tables. LTS (Long-Term Support) versions also received patches, in the v17.2025.6.27 and v16.2025.6.27 releases.

Weakness

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
