September 29, 2016

Microsoft releases MS-CHAP v2 authentication security advisory

(LiveHacking.com) – A few weeks ago, at Defcon 20, Moxie Marlinspike and David Hulton gave a presentation on cracking MS-CHAPv2 and subsequently integrated the techniques presented into the CloudCracker service.

MS-CHAPv2 is an old authentication protocol that Microsoft introduced with Windows NT 4.0 SP4 and Windows 98. Today the protocol is still widely used for PPTP VPNs, as well as in WPA2 Enterprise environments.

Using the new techniques presented at Defcon 20, David Hulton’s company PicoComputing built an FPGA-based box that can crack MS-CHAPv2 in at most 24 hours, and often in half that time.

In response, Microsoft has released a security advisory titled “Unencapsulated MS-CHAP v2 Authentication Could Allow Information Disclosure.” The advisory notifies Microsoft customers of the known cryptographic weaknesses in the MS-CHAP v2 protocol.

To exploit the weaknesses and obtain user credentials, the attacker has to be able to intercept the victim’s MS-CHAP v2 handshake by performing man-in-the-middle attacks or by intercepting open wireless traffic.

Microsoft offers two workarounds (suggested actions):

1. Secure your MS-CHAP v2/PPTP-based tunnel with PEAP (see Microsoft Knowledge Base Article 2744850).

2. Use a more secure VPN tunnel – Microsoft recommends using L2TP, IKEv2, or SSTP VPN tunnels in conjunction with MS-CHAP v2 or EAP-MS-CHAP v2 for authentication.

For more information on these, see the following links:


CloudCracker uses custom hardware to crack any VPN or Wi-Fi MS-CHAPv2 based password

(LiveHacking.com) — Moxie Marlinspike and David Hulton recently gave a presentation at Defcon 20 on cracking MS-CHAPv2; they have now integrated the techniques presented into the CloudCracker service.

Source: https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/

MS-CHAPv2 is an old authentication protocol that Microsoft first introduced with Windows NT 4.0 SP4 and Windows 98. Today, nearly 15 years later, the protocol is still widely used for PPTP VPNs, as well as in WPA2 Enterprise environments.

Since it was introduced, the protocol has been analysed many times and various weaknesses have been found. These weaknesses severely reduce the complexity of brute-force attacks and make them realistic with modern hardware. Now Marlinspike and Hulton have reduced the complexity of breaking MS-CHAPv2 to that of breaking a single DES key.

David Hulton’s company, PicoComputing, which specializes in building FPGA hardware for cryptography applications, has built a box that can crack MS-CHAPv2 in at most 24 hours, and often in half that time.

The FPGAs (field programmable gate arrays) implement DES as a pipeline and can perform one DES operation per clock cycle. The box uses 48 cores at 450 MHz, giving a throughput of more than 18 billion keys per second.
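To show why the break reduces to a single DES key search, here is an added example (not code from the article, CloudCracker or chapcrack) of the MS-CHAPv2 NT-Response computation as specified in RFC 2759, with the peer side generating the response and the authenticator side verifying it. The MD4 step that turns the password into the NT hash is omitted because it is not in Go's standard library, so the NT hash and both challenges are constructed sample values.

```go
package main

import (
	"bytes"
	"crypto/des"
	"crypto/sha1"
	"fmt"
)

// desKeyFrom7 spreads 7 key bytes over 8 (RFC 2759 DesEncrypt); the low bit of
// each byte is the DES parity bit, which crypto/des ignores, so it is left clear.
func desKeyFrom7(c []byte) []byte {
	k := []byte{c[0] >> 1, (c[0]&0x01)<<6 | c[1]>>2, (c[1]&0x03)<<5 | c[2]>>3,
		(c[2]&0x07)<<4 | c[3]>>4, (c[3]&0x0F)<<3 | c[4]>>5,
		(c[4]&0x1F)<<2 | c[5]>>6, (c[5]&0x3F)<<1 | c[6]>>7, c[6] & 0x7F}
	for i := range k {
		k[i] <<= 1
	}
	return k
}
// ChallengeHash (RFC 2759): SHA1(PeerChallenge || AuthenticatorChallenge || UserName)[0:8].
func ChallengeHash(peer, auth []byte, user string) []byte {
	sum := sha1.Sum(append(append(append([]byte{}, peer...), auth...), user...))
	return sum[:8]
}
// NTResponse (RFC 2759 ChallengeResponse): the 16-byte NT hash is zero-padded to 21
// bytes and cut into three 7-byte DES keys, each encrypting the SAME challenge hash.
// Keys 1 and 2 hold 56 unknown bits each; key 3 holds only hash bytes 14-15 (16 bits).
func NTResponse(ntHash, challengeHash []byte) []byte {
	padded := make([]byte, 21)
	copy(padded, ntHash)
	resp := make([]byte, 0, 24)
	for i := 0; i < 21; i += 7 {
		block, _ := des.NewCipher(desKeyFrom7(padded[i : i+7]))
		ct := make([]byte, 8)
		block.Encrypt(ct, challengeHash)
		resp = append(resp, ct...)
	}
	return resp
}
// VerifyNTResponse is the authenticator's (VPN server / RADIUS) check: recompute and compare.
func VerifyNTResponse(ntHash, peer, auth []byte, user string, resp []byte) bool {
	return bytes.Equal(NTResponse(ntHash, ChallengeHash(peer, auth, user)), resp)
}
func main() { // constructed sample values; ntHash stands in for MD4(UTF-16LE(password))
	auth, peer, ntHash := bytes.Repeat([]byte{0x11}, 16), bytes.Repeat([]byte{0x22}, 16), bytes.Repeat([]byte{0xAB}, 16)
	resp := NTResponse(ntHash, ChallengeHash(peer, auth, "alice"))
	fmt.Printf("NT-Response=%x valid=%v\n", resp, VerifyNTResponse(ntHash, peer, auth, "alice", resp))
}
```

Because all three DES blocks encrypt the same 8-byte value, a single pass over the DES key space can be checked against the first two ciphertext blocks at once, which is the reduction the talk describes.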

The pair have also published a tool called chapcrack, which parses a network capture for any MS-CHAPv2 handshakes. For each handshake found, it outputs the username along with the various ciphertexts and a token which can be used directly with CloudCracker.

Once CloudCracker has cracked the authentication, the result can be fed back into the chapcrack tool, which will then decrypt the entire network capture (and all future captures for that user). The user’s VPN service is also exposed.

The power and ease of the cracking process now means that:

  1. All users and providers of PPTP VPN solutions should immediately start migrating to a different VPN protocol. PPTP traffic should be considered unencrypted.
  2. Enterprises that depend on the mutual authentication properties of MS-CHAPv2 for connections to their WPA2 RADIUS servers should immediately start migrating to something else.