I know you gotta store the passwords hashed but doesn’t that just move the goalposts? How come someone can’t use the hashed end result to get into the service it was used for?
I know you gotta store the passwords hashed but doesn’t that just move the goalposts? How come someone can’t use the hashed end result to get into the service it was used for?
Pass the hash, https://en.wikipedia.org/wiki/Pass_the_hash, is something Windows has been vulnerable to for a very long time. See also Mimikatz.