Definition
Pass-the-hash is a cyberattack in which the attacker authenticates with the hashed form of a user’s password instead of the plaintext password.
Although it usually targets Windows systems, it can affect any server that accepts LAN Manager (LM) or NT LAN Manager (NTLM) authentication.
How Pass-the-hash Works
For security reasons, servers store hashed passwords instead of plaintext passwords. For a local logon, the system hashes the password the user enters and compares the result with the hash stored for that account. In NTLM network authentication, however, the client never sends the password at all: it uses the stored NT hash itself as the key for answering the server's challenge, so whoever holds the hash can answer that challenge just as well as the legitimate user. The hash is therefore password-equivalent.
So, an attacker who obtains a password hash (for example, by extracting it from the Windows Active Directory database or the local SAM database) can pose as that user and move through the network without ever cracking the hash, and because each logon looks like an ordinary authentication, the activity often goes undetected.
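The two authentication models described above, as an added example that is not part of the original page. The scheme is a constructed toy (SHA-256 for the stored hash, HMAC-SHA256 keyed by that hash for the challenge response); it is not the real NTLM protocol, and the passwords are made up. It shows that in the hash-and-compare model a stolen hash is useless on its own, while in a challenge-response model keyed by the hash the hash alone logs you in, and that rotating the password (one of the mitigations listed below) makes the old hash fail.

```python
"""Toy model of why a stolen password hash can be password-equivalent.

Added example, not from the original page. The toy scheme below (SHA-256 for
the stored hash, HMAC-SHA256 for the challenge response) is constructed for
illustration and is NOT the real NTLM protocol.
"""
import hashlib
import hmac
import secrets


def store_hash(password: str) -> bytes:
    """What the server keeps: a hash of the password, never the plaintext."""
    return hashlib.sha256(password.encode("utf-8")).digest()


# --- Model 1: the server hashes what the user types and compares. -----------
def verify_by_compare(stored_hash: bytes, submitted_password: str) -> bool:
    """Login succeeds only if the submitted *plaintext* hashes to the stored value."""
    return hmac.compare_digest(stored_hash, store_hash(submitted_password))


# --- Model 2: challenge-response keyed by the hash (the weakness PtH abuses). -
def new_challenge() -> bytes:
    """Fresh random nonce from the server for each logon attempt."""
    return secrets.token_bytes(8)


def client_response(password_hash: bytes, challenge: bytes) -> bytes:
    """The client proves knowledge of the hash, not of the password: it keys an
    HMAC with the hash. The plaintext password never appears here."""
    return hmac.new(password_hash, challenge, hashlib.sha256).digest()


def server_verify_response(stored_hash: bytes, challenge: bytes, response: bytes) -> bool:
    """The server recomputes the expected response from its stored hash."""
    expected = hmac.new(stored_hash, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)


def demo() -> dict:
    """Run both models with the real password and with a stolen hash only."""
    password = "CorrectHorse!2024"   # constructed sample password
    stored = store_hash(password)
    stolen_hash = stored             # what a pass-the-hash attacker holds

    results = {}
    # Model 1: the hash alone is useless; only the plaintext hashes to the stored value.
    results["compare_with_plaintext"] = verify_by_compare(stored, password)
    results["compare_with_hash_as_password"] = verify_by_compare(stored, stolen_hash.hex())

    # Model 2: the hash alone answers the challenge, so it is password-equivalent.
    chal = new_challenge()
    results["cr_with_hash_only"] = server_verify_response(
        stored, chal, client_response(stolen_hash, chal))

    # Mitigation: rotating the password changes the stored hash, so the previously
    # stolen hash no longer answers a fresh challenge.
    rotated = store_hash("NewPassphrase#2025")   # constructed replacement password
    chal2 = new_challenge()
    results["cr_old_hash_after_rotation"] = server_verify_response(
        rotated, chal2, client_response(stolen_hash, chal2))
    return results


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

Running the script prints one line per scenario; the only one that should alarm a defender is `cr_with_hash_only: accepted`, which is exactly the pass-the-hash condition: the protocol treats the hash as the secret, so protecting the hash matters as much as protecting the password.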
Preventing Pass-the-hash Attacks
- Implement multi-factor authentication so that a stolen hash alone is not enough to access your accounts.
- Change passwords regularly to limit how long a stolen hash remains valid.
- Keep your systems updated so they receive the latest security patches.
- Apply the principle of least privilege to limit the damage a stolen password hash can do.