Vigil@nce - Windows Phone: information disclosure via WiFi WPA2 PEAP-MS-CHAPv2
August 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can create a fake WiFi WPA2 access point to obtain
encrypted data, then decrypt the PEAP-MS-CHAPv2 algorithm, in
order to obtain victim’s password, to access to sensitive
information.
Impacted products: Windows Phone
Severity: 2/4
Creation date: 05/08/2013
DESCRIPTION OF THE VULNERABILITY
When Windows Phone connects to a Wi-Fi access point, it can use a
WPA2 authentication, with the PEAP-MS-CHAPv2 protocol (Protected
Extensible Authentication Protocol with Microsoft Challenge
Handshake Authentication Protocol version 2).
However, a cryptographic weakness was announced in PEAP-MS-CHAPv2.
An attacker can then retrieve the password.
An attacker can therefore create a fake WiFi WPA2 access point to
obtain encrypted data, then decrypt the PEAP-MS-CHAPv2 algorithm,
in order to obtain victim’s password, to access to sensitive
information.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN