Pass-the-hash WiFi

The report demonstrates how MSCHAPv2 authentication over Wi‑Fi can be abused by supplying NT password hashes rather than plaintext passwords: wpa_supplicant accepts an NtPasswordHash for client EAP-MSCHAPv2 logins, and hostapd can be configured to accept MSCHAPV2 hashes for server responses. This enables attackers who possess stolen NT hashes (including machine account hashes) to authenticate to enterprise Wi‑Fi or deploy an evil‑twin hotspot that many domain-joined devices will fully connect to, facilitating network access or further exploitation.