On its official website, Microsoft said it had become aware of a new vulnerability terminals with Windows Phone 7.8 or Windows Phone 8. This concerns the Wi-Fi authentication PEAP-MS-CHAPv2 protocol used by the system to a WPA2 wireless connection.
In practice, an attacker could then create a Microsoft wireless access point explains that once connected the victim, "an attacker could then exploit vulnerabilities encryption protocol." The hacker would then be able to get the login information on a corporate network. "The attacker could then perform any action the user would be allowed to run on this network resource," says Microsoft.
The Redmond company does not intend to address this vulnerability and suggested adding a certificate placed on the company server before authentication in a wireless network.
