Breaking PPTP VPNs via RADIUS Encryption

Matthias Horst, Martin Grothe, Tibor Jager, Jörg Schwenk

15th International Conference on Cryptology and Network Security (CANS)


We describe an efficient cross-protocol attack which enables an attacker to learn the VPN session key shared between a victim client and a VPN endpoint. The attack recovers the key that is used to encrypt and authenticate the VPN traffic. It leverages a weakness of the RADIUS protocol executed between the VPN endpoint and the RADIUS server, and allows an "insider" attacker to read the VPN traffic of other users or to escalate their own privileges with significantly smaller effort than previously known attacks on MS-CHAPv2.
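The RADIUS encryption the abstract refers to is the RFC 2548 construction used to carry the MS-MPPE-Send-Key and MS-MPPE-Recv-Key attributes (the PPTP/MPPE session keys) from the RADIUS server to the VPN endpoint: the key is XORed with an MD5-derived keystream whose first block is MD5(S || R || A) for shared secret S, Request Authenticator R and 2-byte salt A, with each further block MD5(S || c(i-1)). The block below is an added example written for this page, not code from the paper, and the paper's concrete attack steps are not given here; it implements the RFC 2548 encryption and decryption and shows the known-plaintext property that makes it a target: an attacker who knows one plaintext key and sees its encrypted attribute recovers the first keystream block without the shared secret, and can apply it to any other attribute encrypted under the same S, R and A. How the attacker arranges for that reuse is an assumption of the example; the secret, authenticator, salt and keys are constructed test values.

```python
"""RFC 2548 MS-MPPE-Send-Key / MS-MPPE-Recv-Key encryption and the
known-plaintext keystream recovery it permits.

Added example for this page, not code from the paper. All values are
constructed test data."""
import hashlib
from typing import Tuple

BLOCK = 16


def _pad_key(key: bytes) -> bytes:
    """RFC 2548 section 2.4.2: P = Key-Length || Key || zero padding to a 16-byte multiple."""
    p = bytes([len(key)]) + key
    return p + b"\x00" * (-len(p) % BLOCK)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def mppe_key_encrypt(secret: bytes, req_auth: bytes, salt: bytes, key: bytes) -> bytes:
    """Encrypt a session key as the RADIUS server does.

    b(1) = MD5(S || R || A), b(i) = MD5(S || c(i-1)), c(i) = p(i) XOR b(i).
    Returns the attribute value: Salt || c(1) || ... || c(n)."""
    if len(req_auth) != 16 or len(salt) != 2 or not salt[0] & 0x80:
        raise ValueError("R must be 16 bytes; salt must be 2 bytes with the high bit set")
    p = _pad_key(key)
    out = bytearray()
    prev = req_auth + salt
    for i in range(0, len(p), BLOCK):
        b = hashlib.md5(secret + prev).digest()
        c = _xor(p[i:i + BLOCK], b)
        out += c
        prev = c
    return salt + bytes(out)


def mppe_key_decrypt(secret: bytes, req_auth: bytes, attr: bytes) -> bytes:
    """Decrypt as the VPN endpoint (NAS) does; this side needs the shared secret."""
    salt, body = attr[:2], attr[2:]
    prev = req_auth + salt
    p = bytearray()
    for i in range(0, len(body), BLOCK):
        b = hashlib.md5(secret + prev).digest()
        p += _xor(body[i:i + BLOCK], b)
        prev = body[i:i + BLOCK]
    return bytes(p[1:1 + p[0]])


def recover_first_keystream_block(known_key: bytes, attr: bytes) -> bytes:
    """Attacker view, no secret needed: a known plaintext key and its encrypted
    attribute give b(1) = p(1) XOR c(1) directly."""
    return _xor(_pad_key(known_key)[:BLOCK], attr[2:2 + BLOCK])


def known_plaintext_leak(known_key: bytes, known_attr: bytes,
                         target_attr: bytes) -> Tuple[int, bytes]:
    """Apply b(1), recovered from the attacker's own key, to another attribute
    encrypted under the same S, R and A (assumed here; the salts must match).
    Returns (target key length, recovered key prefix). Only block 1 is shared:
    b(2) = MD5(S || c(1)) depends on the secret and on the target's own c(1),
    so at most the 15 key bytes that fit in the first block are recovered."""
    if known_attr[:2] != target_attr[:2]:
        raise ValueError("salts differ: b(1) is not shared between these attributes")
    b1 = recover_first_keystream_block(known_key, known_attr)
    p1 = _xor(target_attr[2:2 + BLOCK], b1)
    key_len = p1[0]
    return key_len, p1[1:1 + min(key_len, BLOCK - 1)]


# Constructed test values (not from the paper).
SECRET = b"nas-radius-shared-secret"   # shared secret S between VPN endpoint and RADIUS server
REQ_AUTH = bytes(range(16))            # Request Authenticator R from the Access-Request
SALT = b"\x80\x2a"                     # 2-byte salt A chosen by the server, high bit set
ATTACKER_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")  # insider's own MPPE key
VICTIM_KEY = bytes.fromhex("fedcba9876543210fedcba9876543210")    # victim's MPPE key

if __name__ == "__main__":
    enc_attacker = mppe_key_encrypt(SECRET, REQ_AUTH, SALT, ATTACKER_KEY)
    enc_victim = mppe_key_encrypt(SECRET, REQ_AUTH, SALT, VICTIM_KEY)
    n, prefix = known_plaintext_leak(ATTACKER_KEY, enc_attacker, enc_victim)
    print(f"victim key length {n}, recovered prefix {prefix.hex()} without the secret")
```

The XOR-with-MD5-keystream design has no integrity protection and no per-attribute nonce beyond R and the salt, so any situation in which the same S, R and A are reused across two attributes turns a known plaintext into a direct keystream leak; for a 16-byte MPPE key the first block exposes the length byte and 15 of the 16 key bytes.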

Tags: cross-protocol attack, known plaintext attack, MS-CHAPv2, PPTP, RADIUS, VPN