Skip to main content

Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2) Information Disclosure Vulnerability

Last Update Date: 22 Aug 2012 12:53 Release Date: 22 Aug 2012 5439 Views

RISK: Medium Risk

TYPE: Operating Systems - Windows OS

TYPE: Windows OS

Cryptographic weaknesses have been identified in the Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2) which could be exploited by attackers to obtain user credentials. Those credentials could then be re-used to authenticate the attacker to network resources, and the attacker could take any action that the user could take on that network resource.


Impact

  • Information Disclosure

System / Technologies affected

  • Only VPN solutions that rely on PPTP in combination with MS-CHAP v2 as the sole authentication method are vulnerable to this issue.

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.


Vulnerability Identifier

  • No CVE information is available

Source


Related Link