MSCHAPv2, Not So Secure…

I wanted to call attention to some research done by Moxy Marlinspike in the are of MSCHAPv2. This protocol is used in PPTP and many enterprise wireless environments. The article below explains how theory behind cracking the handshake and de-obfuscating any PPTP session in a little under 24 hours.

The Research

The Cloud Cracker

Although this requires special hardware, they have implemented this as cloud service based on FPGAs. The point is that if you are still using an MSCHAPv2 based VPN, it is time to find something more secure.

I guess at initial glance I would be more concerned about what this means for WPA2 wireless environments. I think any attack against a wireless session would require a man in the middle attack by presenting the client with a bogus or untrusted certificate. Therefore, it is a little less likely that a user would allow the bogus certificate that would lead to the SSL MiTM and expose the MSCHAPv2 exchange. If you are using a PPTP VPN based on MSCHAP, it is most certainly time to look for an alternative. If you are using MSCHAP in any other capacity, the holistic implementation should be assessed.

No related content found.

About Paul Stewart, CCIE 26009 (Security)

Paul is a Network and Security Engineer, Trainer and Blogger who enjoys understanding how things really work. With over 15 years of experience in the technology industry, Paul has helped many organizations build, maintain and secure their networks and systems.
This entry was posted in Other. Bookmark the permalink.