while scanning with credentials. In a pen test the tester was able to apparently obtain some password hashes by catching packets during scans.What kinds of authentication passing are being used during scanning?
This is a configuration issue, some one allowed insecure use of credentials
Normally credentials are only passed to the target via encrypted channels, but if you tick “allow insecure use” then it will be transmitted not securely.
Additional a large default password database is used, did your pen tester validated the hash against the default password list ?