PT-2023-2974 · Faronics · Faronics Insight

Published: 2023-02-01 · Updated: 2025-01-13 · CVE-2023-28351

CVSS v2.0: 4.9 (Medium)

Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Faronics Insight version 10.0.19045

Description

An issue in Faronics Insight allows every keystroke made by any user on a computer with the Student application installed to be logged to a world-readable directory. This enables a local attacker to extract these cleartext keystrokes, potentially obtaining personally identifiable information (PII) and/or compromising personal accounts owned by the victim. The vulnerability is related to the unencrypted storage of confidential information in keystroke logs.

Recommendations

For Faronics Insight version 10.0.19045, consider restricting access to the directory where keystrokes are logged to minimize the risk of exploitation. As a temporary workaround, limit the use of the Student application until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
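
One way to check a directory for the world-readable condition described above and to apply the access restriction from the recommendations, as an added example (not code from Faronics or from this advisory). It assumes a Windows endpoint; `$LogDir` is a placeholder because the advisory does not name the log directory, and the function names and the SYSTEM/Administrators-only ACL are assumptions.

```powershell
# Added example: audit a directory ACL for broad read access; optionally lock it down.
param(
    # Placeholder: the advisory does not name the keystroke log directory.
    [string]$LogDir = 'C:\PLACEHOLDER\keystroke-log-directory',
    [switch]$Restrict
)

# Well-known SIDs whose read access makes a directory effectively world-readable.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}
# ReadData/ListDirectory (0x1) or GENERIC_READ (0x80000000).
$ReadMask = 0x1 -bor 0x80000000

function Get-BroadReadRule {
    param([string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    # Translate identities to SIDs so localized group names still match.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $rule.IdentityReference.Value
        if ($rule.AccessControlType -eq 'Allow' -and $BroadSids.ContainsKey($sid) -and
            (([int]$rule.FileSystemRights) -band $ReadMask)) {
            [pscustomobject]@{ Principal = $BroadSids[$sid]
                               Rights    = $rule.FileSystemRights
                               Inherited = $rule.IsInherited }
        }
    }
}

function Set-RestrictedAcl {
    param([string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    $acl.SetAccessRuleProtection($true, $false)   # stop inheriting; drop inherited ACEs
    foreach ($r in @($acl.Access)) { [void]$acl.RemoveAccessRule($r) }
    foreach ($sid in 'S-1-5-18', 'S-1-5-32-544') {  # SYSTEM, BUILTIN\Administrators
        $id = [System.Security.Principal.SecurityIdentifier]::new($sid)
        $acl.AddAccessRule([System.Security.AccessControl.FileSystemAccessRule]::new(
            $id, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow'))
    }
    Set-Acl -LiteralPath $Path -AclObject $acl
}

$findings = @(Get-BroadReadRule -Path $LogDir)
$findings | Format-Table -AutoSize
if ($Restrict -and $findings.Count -gt 0) { Set-RestrictedAcl -Path $LogDir }
```

Run it without `-Restrict` first to review the findings. Applying the ACL assumes the component that writes the log runs as SYSTEM or an administrator, so verify on a test machine that the Student application still functions afterwards.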

Exploit

Cleartext Storage of Sensitive Information

Insertion into Log File

Weakness Enumeration

Related Identifiers

BDU:2023-02989
CVE-2023-28351

Affected Products

Faronics Insight