The CVE-2023-23397 vulnerability allows an attacker to coerce an Outlook client into connecting to the attacker's server. The client then sends NTLM credentials to that server, which allows the attacker to crack the password offline or to use the credentials in a relay attack. This vulnerability can be exploited remotely over the internet without any user interaction (zero-click) [https://www.akamai.com/blog/security-research/important-outlook-vulnerability-bypass-windows-api] #software #vuln #informatique