Threat Level: green Handler on Duty: Pedro Bueno

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

End of Days for MS-CHAPv2

Published: 2012-07-30
Last Updated: 2012-07-30 21:36:09 UTC
by Guy Bruneau (Version: 1)
17 comment(s)

Moxie Marlinspike and David Hulton gave a talk at Defcon 20 on a presentation on cracking MS-CHAPv2 with 100% success rate. This protocol is still very much in use with PPTP VPNs, and WPA2 Enterprise environments for authentication.

Moxie's recommendations [1]:

1- All users and providers of PPTP VPN solutions should immediately start migrating to a different VPN protocol. PPTP traffic should be considered unencrypted.
2- Enterprises who are depending on the mutual authentication properties of MS-CHAPv2 for connection to their WPA2 Radius servers should immediately start migrating to something else.

Knowing that MS-CHAPv2 can now be cracked, what alternatives are you considering to secure your now insecure communications? The two alternatives suggested by Moxie are "[...] OpenVPN configuration, or IPSEC in certificate rather than PSK mode."

[1] https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/
[2] https://github.com/moxie0/chapcrack

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

Keywords: Cracked MSCHAPv2
17 comment(s)

BIND 9 Security Updates

Published: 2012-07-30
Last Updated: 2012-07-30 11:29:37 UTC
by Guy Bruneau (Version: 1)
0 comment(s)

BIND has released 4 new versions that takes care of 2 security issues. They can be downloaded here.

  • 9.6-esv-r7-p2
  • 9.7.6-p2
  • 9.8.3-p2
  • 9.9.1-p2

New security bulletins

  • CVE-2012-3868: High TCP Query Load Can Trigger a Memory Leak in BIND 9
  • CVE-2012-3817: Heavy DNSSEC Validation Load Can Cause a "Bad Cache" Assertion Failure in BIND9


[1] http://www.isc.org/downloads/all
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3817
[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3868

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

Keywords: BIND 9
0 comment(s)
ISC StormCast for Monday, July 30th 2012 http://isc.sans.edu/podcastdetail.html?id=2698
Diary Archives