Sure - in this specific case I was referring to "any attacker who snags the server's database" - I was taking snags the server's database to mean "has full DB dump", which perhaps was not sillysaurus3's intention.
I agree that if the only information you have is a users password hash then your options beyond attempting to brute-force the hash are limited (unless the system was vulnerable to a pass-the-hash attack, of course).
I agree that if the only information you have is a users password hash then your options beyond attempting to brute-force the hash are limited (unless the system was vulnerable to a pass-the-hash attack, of course).