How severe is CVE-2023-28345?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.6 out of 10.

What type of vulnerability is CVE-2023-28345?

This is classified as CWE-312, which is a common weakness in software security.

CVE-2023-28345 - MEDIUM Severity | CVSS 4.6

Vulnerability Description

An issue was discovered in Faronics Insight 10.0.19045 on Windows. The Insight Teacher Console application exposes the teacher's Console password in cleartext via an API endpoint accessible from localhost. Attackers with physical access to the Teacher Console can open a web browser, navigate to the affected endpoint and obtain the teacher's password. This enables them to log into the Teacher Console and begin trivially attacking student machines.

Related Vulnerabilities

CVE-2019-14886

MEDIUM

CVSS:4.6(Medium)

A vulnerability was found in business-central, as shipped in rhdm-7.5.1 and rhpam-7.5.1, where encoded passwords are stored in errai_security_context. The encoding used for storing the passwords is Ba...

CWE-3122019

CVE-2020-36248

MEDIUM

CVSS:4.6(Medium)

The ownCloud application before 2.15 for Android allows attackers to use adb to include a PIN preferences value in a backup archive, and consequently bypass the PIN lock feature by restoring from this...

CWE-3122020

CVE-2021-25692

MEDIUM

CVSS:4.6(Medium)

Sensitive smart card data is logged in default INFO logs by Teradici's PCoIP Connection Manager and Security Gateway prior to version 21.01.3.

CWE-3122021

CVE-2022-20660

MEDIUM

CVSS:4.6(Medium)

A vulnerability in the information storage architecture of several Cisco IP Phone models could allow an unauthenticated, physical attacker to obtain confidential information from an affected device. T...

CWE-3122022

CVE-2022-24120

MEDIUM

CVSS:4.6(Medium)

Certain General Electric Renewable Energy products store cleartext credentials in flash memory. This affects iNET and iNET II before 8.3.0.

CWE-3122022

CVE-2022-41740

MEDIUM

CVSS:4.6(Medium)

IBM Robotic Process Automation 20.12 through 21.0.6 could allow an attacker with physical access to the system to obtain highly sensitive information from system memory. IBM X-Force ID: 238053.

CWE-3122022