Tools released at Defcon crack MS-CHAPv2

I hope your network is using a more modern and more secure authentication protocol than MS-CHAPv2 for VPN access, but if it’s one of those that’s still running PPTP VPNs, this is something you need to be aware of: yesterday at Defcon a crypto researcher released tools for cracking the protocol that were designed for penetration testing – but we all know these tools always eventually get into the wrong hands.

The good news is that using the service being offered to do this is somewhat expensive ($200). The bad news is that if these folks can do it, so can other talented hackers. Maybe it’s (past) time to dump PPTP and MS-CHAPv2 and look for more secure VPN alternatives for your Windows network, such as L2TP/IPsec or SSTP.

http://news.cnet.com/8301-1009_3-57481855-83/tools-boast-easy-cracking-of-microsoft-crypto-for-businesses/?part=rss&subj=news&tag=2547-1_3-0-20

Leave a Comment

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top