PPTP Subject to Attack

PPTP VULNERABLE TO ATTACK
Reported August 5, 1998 by The L0pht

VERSIONS AFFECTED

  • Microsoft Dialup Networking 1.2x and earlier on Windows 95
  • Microsoft Remote Access Services on Windows NT 4.0 (both client and server)
  • Microsoft Routing and Remote Access Services on Windows NT Server 4.0
  • Microsoft Windows 98 Dialup Networking

DESCRIPTION

The L0pht released a PPTP Sniffer program as an add-on to their previously released L0phtcrack for Windows NT. The PPTP sniffer

DEMONSTRATION

The L0pht"s PPTP Sniffer program, which currently runs on UNIX systems, can be download from this site.

SOLUTION

Microsoft has published the following Knowledge Base (KB) articles on this issue:

Q154091, Windows 95 Dial-Up Networking 1.3 Upgrade Release Notes
http://support.microsoft.com/support/kb/articles/q154/0/91.asp

Q189594, RRAS Hotfix 3.0
http://support.microsoft.com/support/kb/articles/q189/5/94.asp

Q189595, Windows NT 4.0 PPTP Security Update
http://support.microsoft.com/support/kb/articles/q189/5/95.asp

Q189771, Windows 98 PPTP Security Update
http://support.microsoft.com/support/kb/articles/q189/7/71.asp

Microsoft highly recommends that users of affected software versions, listed in the "Affected Software Versions" section above, should download the appropriate patch. Complete URLs for each affected software version is given below.

Windows NT 4.0 RAS Users
ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/hotfixes-postSP3/pptp3-fix/

Windows NT 4.0 RRAS Users
ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/hotfixes-postSP3/rras30-fix/

Windows 95 Users
ftp://ftp.microsoft.com/softlib/mslfiles/msdun13.exe

Windows 98 Users
ftp://ftp.microsoft.com/softlib/mslfiles/dun40.exe

Strong Encryption Versions (128-bit)
http://mssecure.www.conxion.com/cgi-bin/ntitar.pl

To learn more about NT Security concerns, subscribe to NTSD

Credits
- Originally reported byThe L0pht
- Posted on The NT Shop on August 19, 1998
Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish