June 18, 2021

Microsoft releases MS-CHAP v2 authentication security advisory

(LiveHacking.com) – A few weeks ago, at Defcon 20, Moxie Marlinspike and David Hulton gave a presentation on cracking MS-CHAP v2 and subsequently integrated the techniques presented into the CloudCracker service.

MS-CHAP v2 is an old authentication protocol that Microsoft introduced with NT4.0 SP4 and Windows 98. Today the protocol is still widely used for PPTP VPNs, as well as in WPA2 Enterprise environments.

Using the new techniques presented at Defcon 20, David Hulton’s PicoComputing built an FPGA-based box that can crack MS-CHAP v2 in at most 24 hours and often in just half that amount of time.

In response, Microsoft has released a security advisory called “Unencapsulated MS-CHAP v2 Authentication Could Allow Information Disclosure.” The advisory notifies Microsoft customers of the known cryptographic weaknesses in the MS-CHAP v2 protocol.

To exploit the weaknesses and obtain user credentials, the attacker has to be able to intercept the victim’s MS-CHAP v2 handshake by performing man-in-the-middle attacks or by intercepting open wireless traffic.

Microsoft offers two workarounds (suggested actions):

1. Secure your MS-CHAP v2/PPTP-based tunnel with PEAP (see Microsoft Knowledge Base Article 2744850)

2. Use a more secure VPN tunnel – Microsoft recommends using L2TP, IKEv2, or SSTP VPN tunnels in conjunction with MS-CHAP v2 or EAP-MS-CHAP v2 for authentication.
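To find client profiles that still need one of these workarounds, the following added example (not part of the advisory or of Microsoft's own tooling) audits Windows VPN profiles with the built-in `Get-VpnConnection` cmdlet and flags those that offer MS-CHAP v2 directly over PPTP. The function name `Get-VpnProfileRisk`, the risk labels, and the sample profiles are assumptions made for illustration.

```powershell
# Added example: flag VPN profiles that send MS-CHAP v2 without PEAP over PPTP.
# Get-VpnProfileRisk and its labels are hypothetical names, not a Microsoft API.
function Get-VpnProfileRisk {
    param(
        [Parameter(Mandatory)] [string] $TunnelType,
        [string[]] $AuthenticationMethod = @()
    )
    # 'MsChapv2' listed directly means the handshake is not wrapped in EAP/PEAP.
    if ($AuthenticationMethod -notcontains 'MsChapv2') {
        return 'OK: MS-CHAP v2 is not offered unencapsulated'
    }
    switch ($TunnelType) {
        'Pptp'      { return 'HIGH: unencapsulated MS-CHAP v2 over PPTP' }
        'Automatic' { return 'REVIEW: automatic tunnel selection can include PPTP' }
        default     { return "OK: MS-CHAP v2 runs inside the $TunnelType tunnel" }
    }
}

# Constructed sample profiles so the script shows every outcome on any machine.
$profiles = @(
    [pscustomobject]@{ Name = 'sample-pptp';  TunnelType = 'Pptp';      AuthenticationMethod = @('MsChapv2') }
    [pscustomobject]@{ Name = 'sample-peap';  TunnelType = 'Pptp';      AuthenticationMethod = @('Eap') }
    [pscustomobject]@{ Name = 'sample-auto';  TunnelType = 'Automatic'; AuthenticationMethod = @('MsChapv2') }
    [pscustomobject]@{ Name = 'sample-ikev2'; TunnelType = 'Ikev2';     AuthenticationMethod = @('MsChapv2') }
)

# Append the real per-user and all-user profiles when the VpnClient module is present.
if (Get-Command Get-VpnConnection -ErrorAction SilentlyContinue) {
    $profiles += @(Get-VpnConnection -ErrorAction SilentlyContinue)
    $profiles += @(Get-VpnConnection -AllUserConnection -ErrorAction SilentlyContinue)
}

$profiles | Where-Object { $_ } | ForEach-Object {
    [pscustomobject]@{
        Name   = $_.Name
        Tunnel = [string]$_.TunnelType
        Auth   = @($_.AuthenticationMethod) -join ','
        Risk   = Get-VpnProfileRisk -TunnelType ([string]$_.TunnelType) `
                                    -AuthenticationMethod @($_.AuthenticationMethod)
    }
} | Format-Table -AutoSize -Wrap
```

Profiles reported as HIGH are the ones to move to PEAP or to an L2TP, IKEv2, or SSTP tunnel, for example with `Set-VpnConnection -Name <profile> -TunnelType Ikev2`.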

For more information on these, see the following links:

