12 matches found
EUVD-2008-1619
Malware in sbrugna...
Microsoft Windows Phone PEAP-MS-CHAPv2身份验证协议安全漏洞
BUGTRAQ ID: 61592 Microsoft Windows Phone是微软开发的系列移动设备操作系统。 Windows Phone 8、Windows Phone 7.8用于WPA2无线身份验证的PEAP-MS-CHAPv2中存在安全漏洞,攻击者可利用此漏洞获取目标设备的敏感信息。要利用此漏洞,攻击者控制的系统需要充当已知的Wi-Fi访问点,使目标设备自动与该访问点进行身份验证,攻击者然后可以截获受害者的加密域证书,再利用PEAP-MS-CHAPv2协议内的漏洞获取网络资源。 0 Microsoft Windows Phone 8 Microsoft Windows Pho...
Hackers can steal Windows Phone passwords using Wi-Fi vulnerability
Microsoft has warned that a vulnerability in Windows Phone operating systems could allow hackers to access your login credentials. The vulnerability resides in a Wi-Fi authentication scheme known as PEAP-MS-CHAPv2, which Windows Phones use to access wireless networks protected by version 2 of the...
Windows 8 Phone Authentication Protocol Weakness
Microsoft issued a security advisory on Sunday, warning of a potential data leakage issue for Windows Phone users connecting to Wi-Fi hotspots. Hackers love to set traps for wireless users promising free Wi-Fi in airports, restaurants and other public areas. Once a mobile device connects to the...
Hackers can steal Windows Phone passwords using Wi-Fi vulnerability
Microsoft has warned that a vulnerability in Windows Phone operating systems could allow hackers to access your login credentials. The vulnerability resides in a Wi-Fi authentication scheme known as PEAP-MS-CHAPv2, which Windows Phones use to access wireless networks protected by version 2 of the...
Microsoft Warns Users About ChapCrack Tool Availability
Microsoft is warning customers about the availability of the ChapCrack tool that Moxie Marlinspike built to crack the VPN credentials for systems built on MS-CHAPv2 protocol. The company said that while it’s not aware of any active attacks using the tool, customers can protect themselves by...
New Tool From Moxie Marlinspike Cracks Some Crypto Passwords
Moxie Marlinspike, the security and privacy researcher known for his SSLStrip, Convergence and RedPhone tools, has released a new tool that can crack passwords used for some VPNs and wireless networks that rely on encryption using Microsoft’s MS-CHAPv2 protocol. Marlinspike discussed the tool...
Watchguard Firebox user enumeration
Error code is different for invalid username and password for PPTP MS-CHAPv2 authentication...
Authentication flaw
The PPTP VPN service in Watchguard Firebox before 10, when performing the MS-CHAPv2 authentication handshake, generates different error codes depending on whether the username is valid or invalid, which allows remote attackers to enumerate valid usernames...
CVE-2008-1618
The PPTP VPN service in Watchguard Firebox before 10, when performing the MS-CHAPv2 authentication handshake, generates different error codes depending on whether the username is valid or invalid, which allows remote attackers to enumerate valid usernames...
CVE-2008-1618
CVE-2008-1618 : Watchguard Firebox PPTP VPN (pre-10) may leak valid usernames during MS-CHAPv2 authentication due to distinct error codes for valid vs invalid usernames. The documented behavior enables an attacker to enumerate valid usernames, facilitating targeted password guessing and potential...
Cisco IP Phone 7921不安全PEAP实现漏洞
BUGTRAQ ID: 27935 Cisco 7921是一部无线的IP电话。 Cisco IP Phone 7921认证机制实现上存在漏洞,远程攻击者可能利用此漏洞获取口令相关的信息。 如果将Cisco 7921 IP电话配置为使用PEAP (MS-CHAPv2)的话,就不会验证服务器证书。如果恶意用户建立了恶意的接入点且RADIUS后端的签名数字证书声明与客户端使用相同证书的话,由于客户端不会检查签名,因此就会认为正在与可信任的服务器通讯,可能会向服务器发送哈希口令或PIN。 Cisco IP Phone 7921 厂商补丁: Cisco -----...