Data received via VPN is passed to PPP (Point to Point Protocol), and I’ve compiled research on the authentication method “MSCHAPv2 authentication” used there.
This refers to CHAP in PPP used by Microsoft's RAS (Remote Access Service). Windows NT LAN Manager uses MS-CHAP v1, while Windows 2000 uses MS-CHAP v2.MS-CHAP v2
MS-CHAP v2 specifications are published as an informational protocol in RFC 2759.At the protocol level it’s equivalent to CHAP, but uses 0x81 instead of MD5’s algorithm number 5. It uses MD4 and DES to generate challenges and responses.
MS-CHAP v2 has improvements over v1’s shortcomings and enhanced functionality, including support for bidirectional authentication, always creating encryption keys based on passwords and challenges, and using different encryption keys for transmission and reception. However, it still uses MD4.
Therefore, MS-CHAP v2 has been repeatedly reported to have vulnerabilities that could lead to information leakage, making it dangerous.
- [Source] MS-CHAP ‐ 通信用語の基礎知識
Alert regarding MS-CHAP v2 vulnerabilities
The problem occurs when using MS-CHAP v2 alone for PPTP-based VPN connections. Malicious third parties can obtain authentication traffic through man-in-the-middle attacks or eavesdropping on wireless communications, potentially stealing authentication information (passwords). If this stolen authentication information is misused, it could lead to impersonation or unauthorized access. Tools for carrying out these attacks have already been released.
In response to this situation, Microsoft Japan published a security advisory on August 21, 2012. For environments that fall under the above category, they recommend using the extended protocol “PEAP” in conjunction, or using other protocols such as L2TP, SSTP, or IKEv2.
From a security perspective, I learned that VPNs should be built with L2TP over IPSec rather than PPTP.
That’s all from the Gemba.