Defeating PPTP VPNs and WPA2 Enterprise with MS-CHAPv2

Presented at DEF CON 20 (2012), July 28, 2012, 10 a.m. (50 minutes)

MS-CHAPv2 is an authentication and key negotiation protocol that, while old and battered, is still unfortunately deployed quite widely. It underpins almost all PPTP VPN services, and is relied upon by many WPA2 Enterprise wireless deployments. We will release tools that definitively break the protocol, allowing anyone to affordably decrypt any PPTP VPN traffic or CHAPv2-based WPA2 handshake with a 100% success rate.

Presenters:

• Moxie Marlinspike
  Moxie Marlinspike was the CTO and co-founder of Whisper Systems, is a member of the Institute For Disruptive Studies, runs a cloud-based password cracking service, is the original developer of sslstrip and sslsniff, manages the GoogleSharing targeted anonymity service, is the creator of the Convergence SSL authenticity system, and is the co-creator of the TACK certificate pinning protocol. His tools have been featured in many publications, including CNN, Forbes, The Wall Street Journal, and The New York Times. He is also the author of the sailing film "Hold Fast."
• Marsh Ray
• David Hulton / h1kari   as David Hulton

Links:

• https://defcon.org/html/defcon-20/dc-20-speakers.html#Marlinspike
• https://infocon.org/cons/DEF CON/DEF CON 20/DEF CON 20 video and slides/DEF CON 20 - Marlinspike Hulton and Ray - Defeating PPTP VPNs and WPA2 Enterprise with MS-CHAPv2 - Video and Slides.mp4 (Video and Slides)
• https://www.youtube.com/watch?v=gkPvZDcrLFk

Similar Presentations:

• Disobey 2020 / We Pwn VPN: Exploiting client-side vulnerabilities in commercial VPNs
• Black Hat USA 1999 / VPN Architectures: Looking at the complete picture.
• DEF CON 18 (2010) / WPA Too!