The IT Law Wiki

Pass-the-hash attack

Definition

Pass-the-hash attack (PtH) is

a hacking technique that allows an attacker to authenticate to a remote system by using the underlying hash of a user's password rather than having to know the actual password itself.[1]

Overview

"Hackers generally use hashes from the current machine to springboard to other machines, grabbing higher privileged credentials as they progress. A range of security measures are required to fully mitigate all the facets of Pass-the-Hash. One scalable and highly effective mitigation involves limiting workstation-to-workstation communication, thereby thwarting an attacker's ability to leverage PtH to move laterally within the network."[2]

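One way to check the mitigation quoted above is to audit firewall or flow logs for traffic that is still allowed between workstations. The following is an added example, not part of the cited source; the workstation subnet, the list of remote-administration ports, and the sample log are assumptions constructed for illustration.

```python
import csv
import io
from ipaddress import ip_address, ip_network

# Assumed address plan for illustration: adjust to the real workstation ranges.
WORKSTATION_NETS = [ip_network("10.20.0.0/16")]
# Assumption, not taken from the page: ports commonly used for Windows remote
# logon and administration (RPC, NetBIOS session, SMB, RDP, WinRM).
REMOTE_ADMIN_PORTS = {135, 139, 445, 3389, 5985, 5986}

# Constructed sample flow log: src, dst, dport, action.
SAMPLE_FLOWS = """\
src,dst,dport,action
10.20.1.15,10.10.0.5,445,allow
10.20.1.15,10.20.1.22,445,allow
10.20.1.15,10.20.3.40,3389,deny
10.20.2.7,10.20.1.22,5985,allow
10.20.2.7,10.20.2.9,8080,allow
10.30.0.4,10.20.1.22,445,allow
"""

def is_workstation(addr):
    ip = ip_address(addr)
    return any(ip in net for net in WORKSTATION_NETS)

def workstation_to_workstation(flow_csv):
    """Return allowed flows whose source and destination are both workstations."""
    findings = []
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if row["action"] != "allow":
            continue  # already blocked: the segmentation policy worked
        if not (is_workstation(row["src"]) and is_workstation(row["dst"])):
            continue  # traffic to or from a non-workstation is out of scope here
        port = int(row["dport"])
        findings.append({
            "src": row["src"], "dst": row["dst"], "dport": port,
            "remote_admin": port in REMOTE_ADMIN_PORTS,
        })
    # Remote-administration ports first: these are the gaps to close first.
    return sorted(findings, key=lambda f: not f["remote_admin"])

if __name__ == "__main__":
    for f in workstation_to_workstation(SAMPLE_FLOWS):
        tag = "REMOTE-ADMIN" if f["remote_admin"] else "other"
        print(f"{f['src']} -> {f['dst']}:{f['dport']} [{tag}]")
```
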
References

  1. IAD's Top 10 Information Assurance Mitigation Strategies.
  2. Id.
