Michał Walkowski

**Name of the Vulnerable Software and Affected Versions** TSplus versions prior to 18.40.6.17 TSplus versions prior to 17.2025.6.27 TSplus versions prior to 16.2025.6.27 **Description** Access to the TSplus Remote Access Admin Tool is restricted to administrators (unless the "Disable UAC" option is enabled) and requires a PIN code. In affected versions, the PIN’s hash is stored in a system registry accessible to regular users, potentially allowing a brute-force attack using rainbow tables due to the lack of salting. **Recommendations** Update TSplus to version 18.40.6.17 or later. Update TSplus to version 17.2025.6.27 or later. Update TSplus to version 16.2025.6.27 or later.