© SANS Institute 2000 - 200
5
, Author retains full rights.
Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46
Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46
© SANS Institute 2000 - 200
5
Author retains full rights.
15
A change password request can be sent by the attacker, spoofing as the
VPN server, tricking the client’s system into presenting a change password
dialog box and sending this information when entered and submitted by the
user, to the attacker's machine.
MS-CHAP using even the NT hash is still easily vulnerable to dictionary
attacks, though not quite as easily as the LANMAN hash, this problem is
exacerbated considerably if users use common passwords, the best defense is
a strong password policy that is enforced, if it is absolutely necessary to use MS
PPTP.
Some of these vulnerabilities have been addressed in later versions of
PPTP and various hot fixes, service packs, “performance updates”, and manual
registry changes.
The MS PPTP “Performance Update for Windows NT 4.0” and MS PPTP
Version 2 (including MS-CHAP version 2) provides the following improvements
to address a few of the many issues listed:
Enable the server to only accept the NT password hash for
•
authentication, and reject any client trying to use the LANMAN password
hash for authentication
Enable the NT client to not use the LANMAN password hash for
•
authentication, but only if the client is configured for the supposed “128
bit” encryption.
Addition of a “stateless mode” in MPPE, this eliminates the Reset-
•
Request attack vulnerability
Server authentication method added to decrease risk of attacker
•
“spoofing” as server
MPPE keys unique in each direction, this reduces the risk from a
•
cryptanalytic XORing attack
MS CHAP v2 has a different challenge response process than version 1.
Compare the description of version one to version 2 as follows:
Client requests login challenge from server (same as v1)
•
The server sends the client a 16 byte random challenge (differs from v1)
•
Client generates PAC (Peer Authenticator Challenge) as a random 16
•
byte number (differs from v1)
Client concatenates the PAC and the 16 byte response from the server's
•
challenge, and the client's username. (differs from v1)
Client then hashes this result using SHA-1 (instead of MD4 in v1)
•
Client sends the first 8 bytes of this hashed challenge to server (differs
•
from v1)
Server uses hashed password in server record for the user to decrypt and
•
compare response from client, if matches, client is authenticated
Server then uses the client's PAC and user's hashed password to send
•
20 byte AR (Authenticator Response) and sends it to the client
The client also calculates what the AR should be on it's side, and
•
0
Do'stlaringiz bilan baham: |