Microsoft released security advisory 2743314 on Aug 20, 2012, warning that VPN solutions that rely on PPTP in combination with MS-CHAP v2 as the sole authentication method are vulnerable.
Microsoft is aware that detailed exploit code has been published for known weaknesses in the Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2). The MS-CHAP v2 protocol is widely used as an authentication method in Point-to-Point Tunneling Protocol (PPTP)-based VPNs.
Microsoft also claims that it is not currently aware of any attacks targeting this threat but will be actively monitoring the situation.
According to The H Security, the exploit code was first presented by encryption expert Moxie Marlinspike at the Black Hat conference 3 weeks ago; it can crack any PPTP connection within 24 hours.
The basic problem has been known for many years: MS-CHAP v2 uses a strangely convoluted combination of three DES operations. This combination can reliably be cracked by trying out all 2^56 possible DES keys – no matter how complex the password is. A specially developed server can finish this task in less than a day using FPGAs.
To fix the hole, Microsoft suggests either securing PPTP/MS-CHAP v2 with PEAP (KB 2744850), or adopting a more secure VPN tunnel, such as L2TP, VPN Reconnect, or SSTP.
A PPTP-based VPN solution has been around for too long. It’s time to ditch it for a better one.