According to the company, the vulnerability lies in the authentication scheme WiFi, known as PEAP-MS-CHAPv2, which is used by Windows Phone-smartphone for a WiFi-networks that are protected by technological WPA2. Cryptographic vulnerability in technology created Microsoft, allows attackers to restore the login information for a secure enterprise domains and resources when the client connects to the victim of false access point.
Note that Microsoft released a bulletin for more than a year after the independent experts have developed an algorithm of attack that works against MS-CHAPv2. Independent experts say that a new attack is largely based on previously identified vulnerabilities, and comes from the fact that Windows Phone does not check the digital certificates of authenticity for points.
In the company, said that with proper implementation of the attack, the attacker can quite easily get access to private corporate resources. The company also said that it is not planning to release a patch for this vulnerability and will include it in the overall composition of updates, and corporate network administrators Corporation advised to use digital certificates for access points to the network. Also in the Microsoft bulletin contains information about how to configure the authentication process to Windows Phone 8 to work with a digital certificate from the WiFi AP.
Detailed technical information is available at http://technet.microsoft.com/en-us/security/advisory/2876146
No comments:
Post a Comment