11.4 Microsoft PPTP

Microsoft's Point-to-Point Tunneling Protocol (PPTP) uses TCP port 1723 for communication. Because of the complexity of the PPTP model and its reliance on MS-CHAP for authentication, PPTPv1 and PPTPv2 are vulnerable to several offline cryptographic attacks.
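For defenders who need to inventory where PPTP is still in use, the following added example (not code from the original text) recognizes PPTP control connections in captured server payloads. It goes slightly beyond the port number given above by also checking the control-message header, so PPTP on a nonstandard port is still found. The magic cookie and field layout are taken from RFC 2637; the function names, flow tuple format, and sample data are assumptions constructed for the example.

```python
import struct

PPTP_PORT = 1723           # TCP control port named in the text
PPTP_MAGIC = 0x1A2B3C4D    # magic cookie from RFC 2637 (not on the page)

def parse_pptp_control(payload):
    """Return a dict for a PPTP control message, or None if it is not one."""
    if len(payload) < 12:
        return None
    length, msg_type, magic, ctrl_type, _ = struct.unpack("!HHIHH", payload[:12])
    if magic != PPTP_MAGIC or msg_type != 1:   # 1 = control message
        return None
    info = {"ctrl_type": ctrl_type, "version": None, "host": "", "vendor": ""}
    # Start-Control-Connection-Request (1) and -Reply (2) are 156 bytes long
    if ctrl_type in (1, 2) and length == 156 and len(payload) >= 156:
        info["version"] = "%d.%d" % (payload[12], payload[13])
        info["host"] = payload[28:92].split(b"\0")[0].decode("ascii", "replace")
        info["vendor"] = payload[92:156].split(b"\0")[0].decode("ascii", "replace")
    return info

def inventory_pptp(flows):
    """flows: iterable of (server_ip, server_port, first_server_payload).
    Returns (ip, port, version, vendor, on_nonstandard_port) per PPTP server."""
    found = []
    for ip, port, payload in flows:
        msg = parse_pptp_control(payload)
        if msg is not None:
            found.append((ip, port, msg["version"], msg["vendor"], port != PPTP_PORT))
    return found

def build_sample_reply(host, vendor):
    """Constructed Start-Control-Connection-Reply for the demo, not captured traffic."""
    head = struct.pack("!HHIHH", 156, 1, PPTP_MAGIC, 2, 0)
    body = struct.pack("!HBBIIHH", 0x0100, 1, 0, 3, 3, 0, 0)
    return head + body + host.ljust(64, b"\0") + vendor.ljust(64, b"\0")

SAMPLE_FLOWS = [  # constructed; addresses are from documentation ranges
    ("192.0.2.10", 1723, build_sample_reply(b"vpn-gw", b"ExampleVendor")),
    ("192.0.2.20", 1723, b"HTTP/1.1 400 Bad Request\r\n\r\n"),  # not PPTP
    ("198.51.100.5", 8443, build_sample_reply(b"lab", b"ExampleVendor")),
]

if __name__ == "__main__":
    for row in inventory_pptp(SAMPLE_FLOWS):
        print(row)
```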

No active information-leak or user-enumeration vulnerabilities have been identified in PPTP to date, and so the service is adequately secure from determined remote attack (provided the external attacker has no access to the PPTP traffic).

For details of the multiple cryptographic weaknesses within PPTP, see Bruce Schneier's page that's dedicated to the protocol: http://www.schneier.com/pptp.html. A number of publicly available network sniffers can compromise PPTP MS-CHAP challenge/response hashes from the wire, including: