One interesting thing when using smart card authentication is that you can still use username and passwords even if the smart card is required. There have been many examples and articles about that you can still use Pass the Hash since the NT Hash is still in use.
This is just another twist on it focusing on the clear text password.
The support for using smart card has existed a long time in Windows, it was implemented in MS KILE as a Kerberos extension in Windows 2000 and is called PKINIT. The purpose was to get rid of using passwords and offer a strong authentication with 2 factors (not to mitigate Pass the Hash and Pass the Ticket etc). Continue reading