Pass-the-hash attacks

Pass-the-hash attacks represent a major risk to the security of company networks. The attacks target password-based authentication procedures and especially exploit the fact that a password often only has to be entered once by the user and can then continue to be used in hashed form. This means that, from the perspective of the attacker, knowledge of a password hash value is equivalent to knowledge of the password itself, i.e. the password does not first have to be derived from the hash value. This considerably simplifies attacks and also makes them more resistant to "well-chosen" passwords (i.e. passwords with high entropy).

This technological consideration shows what a pass-the-hash attack is, how it functions, what the potential risk is, and what might be done to protect against such attacks.
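The equivalence between hash and password described above, shown on a toy challenge-response login. This is an added example, not part of the original document; the SHA-256/HMAC scheme, the `Server` class and all names and values are assumptions constructed for illustration and do not model any real protocol.

```python
import hashlib
import hmac
import os

def password_hash(password: str) -> bytes:
    # Toy stand-in for the hashed form a system keeps after the single password entry.
    return hashlib.sha256(password.encode("utf-8")).digest()

def response(pw_hash: bytes, challenge: bytes) -> bytes:
    # The response is keyed by the hash; the clear-text password is never needed here.
    return hmac.new(pw_hash, challenge, hashlib.sha256).digest()

class Server:
    def __init__(self):
        self.accounts = {}  # user -> stored password hash
        self.pending = {}   # user -> outstanding one-time challenge

    def enroll(self, user, password):
        self.accounts[user] = password_hash(password)

    def challenge(self, user):
        self.pending[user] = os.urandom(16)
        return self.pending[user]

    def verify(self, user, resp):
        chal = self.pending.pop(user, None)
        if chal is None or user not in self.accounts:
            return False
        return hmac.compare_digest(resp, response(self.accounts[user], chal))

def demo():
    server = Server()
    strong = "k9#Vq2!zR7@pLm4$Xw8&Tb1^"  # constructed high-entropy password
    server.enroll("alice", strong)
    cached = password_hash(strong)       # the hashed form held in place of the password
    results = {}
    # Legitimate login: password -> hash -> response.
    results["password"] = server.verify(
        "alice", response(password_hash(strong), server.challenge("alice")))
    # Same login with only the hash: accepted, password entropy is irrelevant.
    results["hash_only"] = server.verify(
        "alice", response(cached, server.challenge("alice")))
    # A hash of a guessed password is rejected as expected.
    results["wrong_hash"] = server.verify(
        "alice", response(password_hash("guess"), server.challenge("alice")))
    # The random challenge stops replay of an old response, but not use of the hash.
    old_response = response(cached, server.challenge("alice"))
    server.challenge("alice")            # a fresh challenge replaces the old one
    results["replayed_response"] = server.verify("alice", old_response)
    return results
```

Calling `demo()` shows that the per-login challenge protects an observed response, while the stored or cached hash remains a full credential and has to be protected like the password itself.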

Last modification 19.06.2013
