CVE-2023-50430 : What You Need to Know
Learn about CVE-2023-50430, a vulnerability in the Goodix Fingerprint Device in Dell Inspiron 15 computers, allowing bypass of Windows Hello authentication by enrolling an attacker's fingerprint.
A security vulnerability has been identified in the Goodix Fingerprint Device as shipped in Dell Inspiron 15 computers. Attackers can bypass Windows Hello authentication by enrolling a malicious fingerprint.
Understanding CVE-2023-50430
This CVE affects the Goodix Fingerprint Device in Dell Inspiron 15 computers, allowing unauthorized access to Windows Hello authentication.
What is CVE-2023-50430?
The Goodix Fingerprint Device in Dell Inspiron 15 computers fails to follow the Secure Device Connection Protocol (SDCP) during enrollment via Linux. This flaw enables an attacker to bypass Windows Hello authentication by enrolling their own fingerprint.
The Impact of CVE-2023-50430
The vulnerability allows unauthorized individuals to enroll their fingerprint on affected devices, potentially gaining access to Windows Hello-protected systems.
Technical Details of CVE-2023-50430
The following technical details outline the specifics of this security issue.
Vulnerability Description
The flaw in the Goodix Fingerprint Device permits an attacker to use an unauthenticated configuration packet to select the Windows template database during enrollment, thus bypassing Windows Hello authentication.
Affected Systems and Versions
- Vendor: n/a
- Product: n/a
- Affected Versions: n/a
Exploitation Mechanism
Attackers can exploit this vulnerability by enrolling their own fingerprint on the Goodix Fingerprint Device via Linux, tricking the system into accepting an unauthenticated configuration packet.
Mitigation and Prevention
To protect your system from the CVE-2023-50430 vulnerability, consider the following mitigation strategies.
Immediate Steps to Take
- Disable fingerprint authentication on affected devices until a patch is available.
- Monitor system logs for any unusual fingerprint enrollment activities.
Long-Term Security Practices
- Regularly update system firmware and drivers to mitigate known security issues.
- Implement multi-factor authentication to enhance security.
Patching and Updates
Stay informed about security updates from Dell and Goodix for patches addressing this vulnerability.