Wireless PEAP-MS-CHAPv2 Authentication Could Allow Information Disclosure – Version: 1.0

Severity Rating:
Revision Note: V1.0 (August 4, 2013): Advisory published.
Summary: Microsoft is aware of a public report that describes a known weakness in the Wi-Fi authentication protocol known as PEAP-MS-CHAPv2 (Protected Extensible Authentication Protocol with Microsoft Challenge Handshake Authentication Protocol version 2), used by Windows Phones for WPA2 wireless authentication. In vulnerable scenarios, an attacker who successfully exploited this issue could achieve information disclosure against the targeted device. Microsoft is not currently aware of active attacks or of customer impact at this time. Microsoft is actively monitoring this situation to keep customers informed and to provide customer guidance as necessary.

Leave a Reply