Fandom

The IT Law Wiki

Pass-the-hash attack

32,581pages on
this wiki
Add New Page
Talk0 Share

Definition Edit

Pass-the-hash attack (PtH) is

a hacking technique that allows an attacker to authenticate to a remote system by using the underlying hash of a user's password rather than having to know the actual password itself.[1]

Overview Edit

"Hackers generally use hashes from the current machine to springboard to other machines, grabbing higher privileged credentials as they progress. A range of security measures are required to fully mitigate all the facets of Pass-the-Hash. One scalable and highly effective mitigation involves limiting workstation-to-workstation communication, thereby thwarting an attacker's ability to leverage PtH to move laterally within the network."[2]

References Edit

  1. IAD's Top 10 Information Assurance Mitigation Strategies.
  2. Id.

Ad blocker interference detected!


Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.