Microsoft Issues Security Advisory for VPN Password Flaw -- Redmondmag.com

Microsoft Issues Security Advisory for VPN Password Flaw

By Chris Paoli
08/22/2012

Microsoft issued Security Advisory 2743314 on Monday to warn users of two tools readily available that can be used to steal passwords from wireless networks and virtual private networks (VPNs).

The tools were first disclosed and demonstrated during last month's Defcon security event in Las Vegas. According to creator Moxie Marlin, an independent software engineer and security expert, one of the tools can be used to crack a WPA2-Enterprise (Wireless Protected Access) and PPTP (Point-to-Point Tunneling Protocol) to bypass Microsoft's MS-CHAP v2 (Microsoft Challenge Handshake Authentication Protocol version 2) for the purpose of capturing targeted network traffic.

Once the network traffic is collected, a second tool created by Marlin and a team of researchers called ChapCrack can then be used to filter out the complex network traffic to a singular data encryption standard (DES) key. This key can then be inputted into an online password cracking service, which can return an authentic network password in 24 hours.

An authentic password "could then be re-used to authenticate the attacker to network resources, and the attacker could take any action that the user could take on that network resource," according to Microsoft.

While Microsoft has issued this security advisory in response to the two tools' disclosure, a security update for the issue is currently not available. The company suggests that those running VPN solutions that employ PPTP and MS-CHAP v2 for authentication use Protected Extensible Authentication Protocol (PEAP) to secure the network (information on how to do this can be found in this Microsoft Knowledge Base Article).

"Microsoft recommends that customers assess the impact of making configuration changes to their environment," according to the security advisory. "Implementing PEAP-MS-CHAP v2 Authentication for Microsoft VPNs may require less change to configuration and have a lesser impact to systems than implementing a more secure VPN tunnel, such as using L2TP, IKEv2, or SSTP VPN tunnels in conjunction with MS-CHAP v2 or EAP-MS-CHAP v2 for authentication."

Microsoft said that since last month's disclosure, it has yet to see the published tools used in any active attacks, but said that it will continue to monitor the situation.

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.

Featured

Cisco Warns of Brute Force Attacks Targeting VPNs and Firewalls

Cisco has revealed that a global increase in brute force attacks targeting Virtual Private Networks (VPNs) and other devices is currently taking place.
What's Inside Microsoft 365's Security Toolbox?

Microsoft provides plenty of native tools to secure Microsoft 365. IT pros just have to know where to look.
Microsoft Kills 30-Day Data Retention Policy for Copilot in Fabric

Microsoft this week announced several usability improvements coming to Copilot in Fabric in preparation of its general availability release later this year.
Using Microsoft Office to Build a Network Diagram 2

Now that we've set up our process, let's dig in with the actual execution.
Microsoft Graph 'Activity Logs' Feature Goes Live

Microsoft announced the general availability of the "activity logs" capability in Microsoft Graph, giving administrators more options to track user activity and identify patterns of potential misuse.