Facschorus
CVE-2023-29062
LOW
Severity by source
AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
The Operating System hosting the FACSChorus application is configured to allow transmission of hashed user credentials upon user action without adequately validating the identity of the requested resource. This is possible through the use of LLMNR, MBT-NS, or MDNS and will result in NTLMv2 hashes being sent to a malicious entity position on the local network. These hashes can subsequently be attacked through brute force and cracked if a weak password is used. This attack would only apply to domain joined systems.
AnalysisAI
The Operating System hosting the FACSChorus application is configured to allow transmission of hashed user credentials upon user action without adequately validating the identity of the requested. Rated low severity (CVSS 3.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Improper Authentication (CWE-287), which allows attackers to bypass authentication mechanisms to gain unauthorized access. The Operating System hosting the FACSChorus application is configured to allow transmission of hashed user credentials upon user action without adequately validating the identity of the requested resource. This is possible through the use of LLMNR, MBT-NS, or MDNS and will result in NTLMv2 hashes being sent to a malicious entity position on the local network. These hashes can subsequently be attacked through brute force and cracked if a weak password is used. This attack would only apply to domain joined systems. Affected products include: Bd Facschorus.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement multi-factor authentication, enforce strong password policies, use proven authentication frameworks.
More in Facschorus
View allThe FACSChorus workstation operating system does not restrict what devices can interact with its USB ports. Rated medium
There is no BIOS password on the FACSChorus workstation. Rated medium severity (CVSS 5.2), this vulnerability is no auth
The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. Rated med
The FACSChorus software contains sensitive information stored in plaintext. Rated medium severity (CVSS 4.3), this vulne
The FACSChorus software does not properly assign data access privileges for operating system user accounts. Rated low se
The FACSChorus workstation does not prevent physical access to its PCI express (PCIe) slots, which could allow a threat
Same weakness CWE-287 – Improper Authentication
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today