Breaking PPTP VPNs via RADIUS Encryption

Matthias Horst, Martin Grothe, Tibor Jager, Jörg Schwenk

15th International Conference on Cryptology and Network Security (CANS)


We describe an efficient cross-protocol attack, which enables an attacker to learn the VPN session key shared between a victim client and a VPN endpoint. The attack recovers the key which is used to encrypt and authenticate VPN traffic. It leverages a weakness of the RADIUS protocol executed between VPN endpoint and RADIUS server, and allows an “insider” attacker to read the VPN traffic of other users or to escalate its own priviledges with significantly smaller effort than previously known attacks on MS-CHAPv2.

[http] [pdf]

Tags: cross-protocol attack, known plaintext attack, MS-CHAPv2, PPTP, RADIUS, VPN