Yeah, that's less of a "vulnerability" and more of how I expect 99% of companies to handle authentication within a network (sadly).