Koozali.org: home of the SME Server

Obsolete Releases => SME Server 8.x => Topic started by: Jáder on November 10, 2012, 07:14:55 PM

Title: MS PPTP bug #2743314
Post by: Jáder on November 10, 2012, 07:14:55 PM

I've seen this: http://technet.microsoft.com/pt-br/security/advisory/2743314
about a bug in PPTP+ CHAP.
I'm not sure if this affect our beloved SME servers... so here am I to ask all you:

    Should I disable PPTP as VPN on my SME 7.x and SME8.x servers?


Jáder

Title: Re: MS PPTP bug #2743314
Post by: CharlieBrady on November 10, 2012, 11:44:22 PM

If you concerned that anyone along the datapath between your users and your server might capture the PPTP traffic, and recover from the traffic your users passwords, then you should disable PPTP. Usually it will only be ISPs along the path who are able to do that.