Fandom

The IT Law Wiki

Pass-the-hash attack

32,181pages on
this wiki
Add New Page
Talk0 Share

Ad blocker interference detected!


Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.

Definition Edit

Pass-the-hash attack (PtH) is

a hacking technique that allows an attacker to authenticate to a remote system by using the underlying hash of a user's password rather than having to know the actual password itself.[1]

Overview Edit

"Hackers generally use hashes from the current machine to springboard to other machines, grabbing higher privileged credentials as they progress. A range of security measures are required to fully mitigate all the facets of Pass-the-Hash. One scalable and highly effective mitigation involves limiting workstation-to-workstation communication, thereby thwarting an attacker's ability to leverage PtH to move laterally within the network."[2]

References Edit

  1. IAD's Top 10 Information Assurance Mitigation Strategies.
  2. Id.

Also on Fandom

Random Wiki