Wednesday, August 7, 2013

Microsoft Security Advisory (2876146) Wireless PEAP-MS-CHAPv2 Authentication Could Allow Information Disclosure

Microsoft announced a security advisory that affects Windows Phone 8 and Windows Phone 7.8.

 "To exploit this issue, an attacker controlled system could pose as a known Wi-Fi access point, causing the targeted device to automatically attempt to authenticate with the access point, and in turn allowing the attacker to intercept the victim's encrypted domain credentials. An attacker could then exploit cryptographic weaknesses in the PEAP-MS-CHAPv2 protocol to obtain the victim's domain credentials. Those credentials could then be re-used to authenticate the attacker to network resources, and the attacker could take any action that the user could take on that network resource."

 Here's the link for suggested actions from Microsoft...

http://technet.microsoft.com/en-us/security/advisory/2876146

No comments:

Hack the Box Blue

https://arcy24.medium.com/hack-the-box-blue-f5ae5b602a5c