CVE-2023-50430

Name of the Vulnerable Software and Affected Versions Goodix Fingerprint Device (affected versions not specified) Dell Inspiron 15 computers (affected versions not specified)

Description The Goodix Fingerprint Device does not follow the Secure Device Connection Protocol (SDCP) when enrolling via Linux. It accepts an unauthenticated configuration packet to select the Windows template database, allowing bypass of Windows Hello authentication by enrolling an attacker's fingerprint.

Recommendations For the Goodix Fingerprint Device, consider disabling the enrollment feature via Linux until a patch is available. For Dell Inspiron 15 computers, restrict access to the fingerprint enrollment process to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.