Vigil@nce - Windows: attack against PPTP and MS-CHAPv2
August 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
When a VPN tunnel is established with the PPTP protocol, and uses
the MS-CHAPv2 authentication protocol, an attacker who captured
the packet exchange can find the secret using a one day brute
force attack and a DES breaking dedicated hardware.
Severity: 1/4
Creation date: 21/08/2012
IMPACTED PRODUCTS
– Microsoft Windows 2003
– Microsoft Windows 2008
– Microsoft Windows 7
– Microsoft Windows Vista
– Microsoft Windows XP
DESCRIPTION OF THE VULNERABILITY
The MS-CHAPv2 authentication protocol can be used to establish a
PPTP VPN tunnel for example. An attacker can then capture
authentication packets.
The MS-CHAPv2 protocol uses a challenge based on:
NTHash = MD4(password)
reply_for_the_challenge = DES(7 first bytes of NTHash)
reply_for_the_challenge += DES(7 following bytes of NTHash)
reply_for_the_challenge += DES(2 last bytes of NTHash)
Notes:
– MD4 produces a hash of 16 bytes
– DES encrypts at most 7 bytes
However, this algorithm does not cumulate DES inputs. An attacker
can therefore browse the 2^56 space to break the three DES
computations simultaneously.
Nowadays, a dedicated DES hardware can find the secret in less
than a day.
When a VPN tunnel is established with the PPTP protocol, and uses
the MS-CHAPv2 authentication protocol, an attacker who captured
the packet exchange can therefore find the secret using a one day
brute force attack and a DES breaking dedicated hardware.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Windows-attack-against-PPTP-and-MS-CHAPv2-11873