Unencapsulated MS-CHAP v2 Authentication Could Allow Information Disclosure - Version: 1.0

Discussion in 'Security Alerts' started by News, Apr 18, 2014.

  1. News

    News Extraordinary Robot
    News Feed

    Jun 27, 2006
    Likes Received:
    Severity Rating:
    Revision Note: V1.0 (August 20, 2012): Advisory published.
    Summary: Microsoft is aware that detailed exploit code has been published for known weaknesses in the Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2). The MS-CHAP v2 protocol is widely used as an authentication method in Point-to-Point Tunneling Protocol (PPTP)-based VPNs. Microsoft is not currently aware of active attacks that use this exploit code or of customer impact at this time. Microsoft is actively monitoring this situation to keep customers informed and to provide customer guidance as necessary.

    Continue reading...

Share This Page