Microsoft warns of ‘man-in-the-middle’ VPN password hack

By | August 22, 2012

Source: Computerworld

by 

In this article “Microsoft yesterday warned Windows users of possible “man-in-the-middle” attacks able to steal passwords for some wireless networks and VPNs, or virtual private networks.

It won’t issue a security update for the problem, however.

The security advisory was Microsoft’s reaction to a disclosure several weeks ago by security researcher Moxie Marlinspike at the Defcon conference.

In a blog post written shortly after his Defcon talk, Marlinspike explained his interest in MS-CHAP v2 (Microsoft Challenge Handshake Authentication Protocol version 2). “Even as an aging protocol with some prevalent criticism, it’s still used quite pervasively,” Marlinspike said. “It shows up most notably in PPTP VPNs, and is also used quite heavily in WPA2 Enterprise environments.”

Leave a Reply