CVE-2023-28345

An issue was discovered in Faronics Insight 10.0.19045 on Windows. The Insight Teacher Console application exposes the teacher's Console password in cleartext via an API endpoint accessible from localhost. Attackers with physical access to the Teacher Console can open a web browser, navigate to the affected endpoint and obtain the teacher's password. This enables them to log into the Teacher Console and begin trivially attacking student machines.
Configurations

Configuration 1

AND
cpe:2.3:a:faronics:insight:10.0.19045:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

06 Jun 2023, 18:31

| Type | Values Removed | Values Added |
|---|---|---|
| CWE | | CWE-312 |
| CVSS | v2 : unknown; v3 : unknown | v2 : unknown; v3 : 4.6 |
| CPE | | cpe:2.3:a:faronics:insight:10.0.19045:*:*:*:*:*:*:*; cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* |
| First Time | | Faronics insight; Faronics; Microsoft windows; Microsoft |
| References | (MISC) https://research.nccgroup.com/2023/05/30/technical-advisory-multiple-vulnerabilities-in-faronics-insight/ - | (MISC) https://research.nccgroup.com/2023/05/30/technical-advisory-multiple-vulnerabilities-in-faronics-insight/ - Exploit, Mitigation, Release Notes, Third Party Advisory |
| References | (MISC) https://research.nccgroup.com/?research=Technical%20advisories - | (MISC) https://research.nccgroup.com/?research=Technical%20advisories - Third Party Advisory |

31 May 2023, 00:15

| Type | Values Removed | Values Added |
|---|---|---|
| New CVE | | |

Information

Published : 2023-05-31 00:15

Updated : 2024-02-28 20:13


NVD link : CVE-2023-28345

Mitre link : CVE-2023-28345

CVE.ORG link : CVE-2023-28345


Products Affected

faronics

  • insight

microsoft

  • windows

CWE

CWE-312

Cleartext Storage of Sensitive Information