ChapCrack Tool Cracks VPNs

Wednesday, August 22, 2012 @ 12:08 PM gHale

Microsoft is warning users about the availability of ChapCrack, a tool built to crack VPN credentials on systems that use the MS-CHAPv2 protocol.

The company said that while it’s not aware of any active attacks using the tool, users can protect themselves by implementing PEAP or changing to a more secure VPN tunnel.

Moxie Marlinspike unveiled the ChapCrack tool at DEF CON last month. It takes packet captures from sessions using the MS-CHAPv2 protocol and strips out the user’s credentials from the cryptographic handshake in the session. To decrypt the user’s credentials, Marlinspike submits the packet to CloudCracker, which sends back a packet he can feed back into ChapCrack, which then cracks the password.

In its advisory, Microsoft said that while the ChapCrack tool doesn’t take advantage of a security vulnerability per se, it still represents a risk to users.

“An attacker who successfully exploited these cryptographic weaknesses could obtain user credentials. Those credentials could then be re-used to authenticate the attacker to network resources, and the attacker could take any action that the user could take on that network resource,” the company said in its advisory.

“An attacker has to be able to intercept the victim’s MS-CHAP v2 handshake in order to exploit this weakness, by performing man-in-the-middle attacks or by intercepting open wireless traffic. An attacker who obtained the MS-CHAP v2 authentication traffic could then use the exploit code to decrypt a user’s credentials.”

Microsoft recommends that users of MS-CHAPv2 implement PEAP (Protected Extensible Authentication Protocol) to further secure their VPNs.
