DecryptedTech

Sunday05 February 2023

Displaying items by tag: MSCHAPv2

Code

Microsoft has had its share of flaws to deal with over a wide range of products. So it is no surprise when we read that there is another “flaw” making the rounds that is related to an older flaw that someone exposed about a year ago. The first flaw was a laughable encryption scheme that was intended to protect the username and password when using PEAP-MSCHAPv2 authentication. In this flaw someone was able to quickly break the encryption and access the credentials used to log on. This flaw does require access to the device that the user was connecting to (RAIDUS server, Firewall, etc.) so it is a little harder to pull off. Now it looks like there is a further flaw that will remove the need to compromise other equipment.

Published in News

From The Blog