Pass-the-hash attack

A cyberattack that circumvents the authorization mechanism in NTLM or LM protocol. The technique uses the hash of a user’s password en-route to the server: generated without salt, it has the same value for each one of the user’s sessions. The attacker needs not extract the secret key – it is enough to intercept the hash and use it for authentication.