Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2) Information Disclosure Vulnerability
Last Update Date:
22 Aug 2012 12:53
Release Date:
22 Aug 2012
5439
Views
RISK: Medium Risk
TYPE: Operating Systems - Windows OS
Cryptographic weaknesses have been identified in the Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2) which could be exploited by attackers to obtain user credentials. Those credentials could then be re-used to authenticate the attacker to network resources, and the attacker could take any action that the user could take on that network resource.
Impact
- Information Disclosure
System / Technologies affected
- Only VPN solutions that rely on PPTP in combination with MS-CHAP v2 as the sole authentication method are vulnerable to this issue.
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Workarounds:
- Secure your MS-CHAP v2/PPTP based tunnel with PEAP
- Or, as an alternative to implementing PEAP-MS-CHAP v2 Authentication for Microsoft VPNs, use a more secure VPN tunnel - http://technet.microsoft.com/en-us/security/advisory/2743314
Vulnerability Identifier
- No CVE information is available
Source
Related Link
Share with