PT-2023-2945 · Faronics · Faronics Insight

Published 2023-02-01 · Updated 2025-01-14 · CVE-2023-28345

CVSS v3.1: 4.6 Medium

Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Faronics Insight version 10.0.19045

Description

The issue is related to the insecure storage of credentials in the Teacher Console component of the Faronics Insight platform. This allows an attacker with physical access to the Teacher Console to obtain the teacher's password in cleartext by accessing a specific API endpoint from localhost. Once the password is obtained, the attacker can log into the Teacher Console and potentially attack student machines.

Recommendations

For Faronics Insight version 10.0.19045, consider restricting access to the API endpoint that exposes the teacher's Console password in cleartext to minimize the risk of exploitation. As a temporary workaround, limit physical access to the Teacher Console to prevent unauthorized individuals from navigating to the affected endpoint and obtaining the teacher's password. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration

Cleartext Storage of Sensitive Information

Related Identifiers

BDU:2023-02950
CVE-2023-28345

Affected Products

Faronics Insight