PT-2023-2966 · Faronics · Faronics Insight

Published: 2023-02-01 · Updated: 2025-01-14 · CVE-2023-28344

CVSS v3.1: 7.1 (High)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Faronics Insight version 10.0.19045

Description

The issue allows unauthenticated attackers to view constantly updated screenshots of student desktops without their consent, potentially accessing sensitive or personal data. Attackers can also submit falsified screenshots on behalf of students, hiding the actual contents of their desktops from the Teacher Console. The vulnerability is related to insufficient access control when handling the agent id parameter, which can be exploited by sending specially crafted HTTP requests.

Recommendations

For Faronics Insight version 10.0.19045, consider restricting access to the Teacher Console application to prevent unauthorized viewing and submission of screenshots until a patch is available. As a temporary workaround, restrict the use of the agent id parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Exposure of Resource to Wrong Sphere

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2023-02978
CVE-2023-28344

Affected Products

Faronics Insight