CVE-2023-29062

Name of the Vulnerable Software and Affected Versions Operating System (affected versions not specified)

Description The issue arises when the Operating System hosting the FACSChorus application is configured to allow transmission of hashed user credentials without properly validating the identity of the requested resource. This can occur through the use of LLMNR, MBT-NS, or MDNS, resulting in NTLMv2 hashes being sent to a malicious entity on the local network. These hashes can be attacked through brute force and cracked if a weak password is used. The attack is limited to domain-joined systems.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.