Microsoft Warns that VPN via PPTP with MS-CHAP v2 is Not Secure


Microsoft released a security advisory (2743314) on Aug 20, 2012, warning that VPN solutions that rely on PPTP in combination with MS-CHAP v2 as the sole authentication method are vulnerable.

Microsoft is aware that detailed exploit code has been published for known weaknesses in the Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2). The MS-CHAP v2 protocol is widely used as an authentication method in Point-to-Point Tunneling Protocol (PPTP)-based VPNs.

Microsoft also says that it is not currently aware of any attacks targeting this threat but will be actively monitoring the situation.

According to The H Security, the exploit code was first presented by encryption expert Moxie Marlinspike at the Black Hat Conference 3 weeks ago, and it can crack any PPTP connection within 24 hours.

The basic problem has been known for many years: MS-CHAP v2 uses a strangely convoluted combination of three DES operations. This combination can reliably be cracked by trying out all 2^56 possible DES keys – no matter how complex the password is. A specially developed server can finish this task in less than a day using FPGAs.
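Why three DES operations still cost only about 2^56 trials, as an added example that is not from the advisory or the H Security article. It goes beyond the text by using the response layout from RFC 2759; the function names and the sample hash are constructed for illustration, and no DES encryption is performed.

```python
"""Key structure behind the MS-CHAP v2 response (layout per RFC 2759).

Added illustration only: SAMPLE_NT_HASH is a constructed value and the
function names are hypothetical. No DES is performed here.
"""

SAMPLE_NT_HASH = bytes(range(0x10, 0x20))  # constructed 16-byte stand-in
HASH_LEN, PAD_LEN, KEY_LEN = 16, 5, 7
OFFSETS = (0, 7, 14)  # where each 7-byte DES key starts in the padded hash


def split_into_des_keys(nt_hash: bytes) -> list[bytes]:
    """Pad the 16-byte hash with 5 zero bytes, then cut three 7-byte keys."""
    if len(nt_hash) != HASH_LEN:
        raise ValueError("NT hash must be 16 bytes")
    padded = nt_hash + b"\x00" * PAD_LEN
    return [padded[off:off + KEY_LEN] for off in OFFSETS]


def expand_des_key(key7: bytes) -> bytes:
    """Spread 56 key bits over 8 bytes; the low bit of each is odd parity."""
    if len(key7) != KEY_LEN:
        raise ValueError("DES key material must be 7 bytes")
    bits = int.from_bytes(key7, "big")
    out = bytearray()
    for i in range(8):
        seven = (bits >> (49 - 7 * i)) & 0x7F
        parity = 0 if bin(seven).count("1") % 2 else 1
        out.append((seven << 1) | parity)
    return bytes(out)


def secret_bits_per_key() -> list[int]:
    """Bits of each key that come from the hash rather than the zero pad."""
    return [8 * min(KEY_LEN, HASH_LEN - off) for off in OFFSETS]


def worst_case_trials() -> int:
    """Keys 1 and 2 encrypt the same 8-byte challenge hash, so one sweep of
    the DES keyspace tests both; key 3 has only 16 unknown bits."""
    k1, k2, k3 = secret_bits_per_key()
    return 2 ** max(k1, k2) + 2 ** k3


if __name__ == "__main__":
    for key in split_into_des_keys(SAMPLE_NT_HASH):
        print(key.hex(), "->", expand_des_key(key).hex())
    print("secret bits per key:", secret_bits_per_key())
    print("worst-case trials:", worst_case_trials())
```

The bound depends only on the fixed 16-byte hash layout, so a longer or more complex password does not raise it.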

To fix the hole, Microsoft suggests either securing PPTP/MS-CHAP v2 with PEAP (KB 2744850), or adopting a more secure VPN tunnel, such as L2TP, VPN Reconnect, or SSTP.

A PPTP-based VPN solution has been around for too long. It’s time to ditch it for a better one.

