RT Systems TM2 Monitoring Authentication Bypass and Plaintext Credential Disclosure Vulnerability
Vulnerability
An authentication bypass vulnerability allowing plaintext credential disclosure has been identified in RT Systems TM2 Monitoring version 3.04. This vulnerability arises from improper access controls, enabling unauthenticated remote attackers to access sensitive administrative functionalities and retrieve administrative credentials.
Impact
Exploitation of this vulnerability leads to unauthorized access to administrative features and the disclosure of plaintext administrative passwords.
Reproduction
To reproduce this vulnerability, access the login page and note that authentication is expected. However, the access control is only enforced through client-side JavaScript. Next, intercept the request using a web proxy like Burp Suite and send a direct unauthenticated request to the security.php page. The server will respond with the full contents of the page, bypassing session state checks. Finally, extract the administrative credentials from the response, which will be available in plaintext form.
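The direct request described above leaves a recognizable trace in web server access logs: a 200 response for security.php to a client that never completed a login. The following detection sketch is an added example, not code from the vendor or from the original advisory. It assumes Combined Log Format, a hypothetical login endpoint `/login.php` that answers a successful login with a 302 redirect, and that the client IP is an acceptable stand-in for a session (a heuristic that clients behind shared NAT will blur).

```python
import re

# Combined Log Format: ip - user [time] "METHOD target PROTO" status size ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) (\S+)')

SENSITIVE = "/security.php"  # page named in the advisory
LOGIN = "/login.php"         # ASSUMPTION: hypothetical login endpoint
LOGIN_OK = {"302"}           # ASSUMPTION: a successful login answers with a redirect

# Constructed sample log lines (not captured from a real system).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2025:10:00:01 +0000] "POST /login.php HTTP/1.1" 302 0
192.0.2.10 - - [01/Jan/2025:10:00:05 +0000] "GET /security.php HTTP/1.1" 200 5120
198.51.100.7 - - [01/Jan/2025:10:02:11 +0000] "GET /security.php HTTP/1.1" 200 5120
203.0.113.4 - - [01/Jan/2025:10:03:40 +0000] "POST /login.php HTTP/1.1" 200 812
203.0.113.4 - - [01/Jan/2025:10:03:44 +0000] "GET /security.php?x=1 HTTP/1.1" 200 5120
203.0.113.9 - - [01/Jan/2025:10:04:02 +0000] "GET /security.php HTTP/1.1" 302 0
not a log line
"""


def find_unauthenticated_hits(log_text):
    """Return (ip, target) for every 200 response to SENSITIVE served to a
    client with no earlier successful login in the same log."""
    logged_in = set()
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing the whole run
        ip, method, target, status, _size = m.groups()
        path = target.split("?", 1)[0]  # ignore the query string when matching
        if method == "POST" and path == LOGIN and status in LOGIN_OK:
            logged_in.add(ip)
        elif path == SENSITIVE and status == "200" and ip not in logged_in:
            findings.append((ip, target))
    return findings


if __name__ == "__main__":
    for ip, target in find_unauthenticated_hits(SAMPLE_LOG):
        print(f"unauthenticated 200 for {target} from {ip}")
```

Once the server enforces the session check itself, the same requests should appear with a redirect or an error status instead of 200, so the script also serves as a regression check after remediation.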
