Service:
Protocol: TCP
Port: 1723
Used for:
Port 1723 is used by the Point-to-Point Tunneling Protocol (PPTP), one of the earliest VPN protocols developed by Microsoft.
Why It’s Open
Port 1723 is used by the Point-to-Point Tunneling Protocol (PPTP), one of the earliest VPN protocols designed by Microsoft. It facilitates secure remote access by tunneling PPP packets over IP networks. This port is often found open on legacy VPN servers and older Windows environments still using PPTP for remote connectivity.
Common Risks
PPTP is considered deprecated and insecure by modern standards. Exposing port 1723, especially to the public internet, introduces several serious risks:
- Weak Encryption
  PPTP uses MS-CHAPv2, which has known vulnerabilities and is easily broken using offline attacks.
- Credential Cracking
  Attackers can capture authentication handshakes and recover passwords using tools like asleap and chapcrack.
- Man-in-the-Middle (MitM) Attacks
  Lack of modern protections like certificate pinning makes PPTP traffic vulnerable to interception and manipulation.
- Protocol Obsolescence
  Many modern systems no longer support PPTP due to its weak security posture, making it incompatible and outdated.
- Lateral Movement Risk
  Successful exploitation can grant direct access to internal networks, exposing critical infrastructure.

Enumeration & Testing
Check if it’s open:
nmap -sT -p 1723 <target>
Check if GRE (protocol 47) is allowed (needed for PPTP):
Use tools like Wireshark or packet inspection to confirm GRE traffic is permitted.
Attempt to initiate VPN handshake:
Use a native Windows VPN client or tools like pptpscan to test handshake and detect PPTP support.
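To confirm that a listener on TCP 1723 on one of your own gateways really is PPTP, the sketch below builds the Start-Control-Connection-Request defined in RFC 2637 and parses the server's reply. It is an added example, not part of the original page; the `probe` helper, the hostname `audit` and the sample reply bytes are assumptions constructed for illustration.

```python
import socket
import struct

MAGIC = 0x1A2B3C4D               # PPTP magic cookie (RFC 2637)
REQ_FMT = ">HHIHHHHIIHH64s64s"   # Start-Control-Connection-Request, 156 bytes
REP_FMT = ">HHIHHHBBIIHH64s64s"  # Start-Control-Connection-Reply, 156 bytes

def build_sccrq(hostname=b"audit"):
    """Build the first control message a PPTP client sends on TCP 1723."""
    return struct.pack(REQ_FMT, 156, 1, MAGIC, 1, 0, 0x0100, 0,
                       1, 1, 0, 0, hostname, b"")

def parse_sccrp(data):
    """Return the reply fields as a dict, or None if data is not a PPTP reply."""
    if len(data) < struct.calcsize(REP_FMT):
        return None
    (_length, msg_type, cookie, ctrl_type, _res, version, result, error,
     _framing, _bearer, _chans, firmware, host, vendor) = struct.unpack(REP_FMT, data[:156])
    if cookie != MAGIC or msg_type != 1 or ctrl_type != 2:
        return None
    return {
        "version": f"{version >> 8}.{version & 0xFF}",
        "result": result,        # 1 = control channel established
        "error": error,
        "firmware": firmware,
        "hostname": host.split(b"\x00", 1)[0].decode("ascii", "replace"),
        "vendor": vendor.split(b"\x00", 1)[0].decode("ascii", "replace"),
    }

def probe(host, port=1723, timeout=5.0):
    """Send one request to a gateway you administer and parse the reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_sccrq())
        buf = b""
        while len(buf) < 156:
            chunk = s.recv(156 - len(buf))
            if not chunk:
                break
            buf += chunk
    return parse_sccrp(buf)

# Constructed sample reply (not captured from a real server), parsed offline.
SAMPLE_REPLY = struct.pack(REP_FMT, 156, 1, MAGIC, 2, 0, 0x0100, 1, 0,
                           1, 1, 0, 1, b"vpn-gw", b"ExampleVendor")

if __name__ == "__main__":
    print(parse_sccrp(SAMPLE_REPLY))
```

A `None` result from `probe` means the port answered with something other than a PPTP control reply; a dict means the gateway still speaks PPTP and belongs on the migration list.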
What to Look For
| Checkpoint | What it means |
|---|---|
| Port 1723 open externally | PPTP VPN service is publicly reachable |
| MS-CHAPv2 in use | Known broken encryption — easily crackable |
| No multi-factor auth | Makes brute-force attacks far easier |
| Outdated VPN software | May contain unpatched vulnerabilities |
Mitigation
- Disable PPTP
  If possible, disable PPTP entirely and migrate to secure protocols like OpenVPN, WireGuard, or IKEv2/IPsec.
- Restrict Access
  Use firewall rules to limit access to port 1723 and GRE to specific IPs or VPN gateways.
- Enforce Strong Passwords
  Use complex, long passwords to slow down offline brute-force cracking.
- Enable Account Lockout Policies
  Prevent unlimited password attempts with rate-limiting and lockouts.
- Monitor VPN Logs
  Regularly inspect connection attempts and unusual activity to detect misuse.
Known CVEs and Exploits
- CVE-2012-4445 – Weakness in CHAP-based VPN authentication.
- CVE-2002-0124 – Buffer overflow in Microsoft PPTP VPN implementation.
- CVE-1999-0506 – Use of weak or no encryption on VPN connections.
- chapcrack + asleap exploit tool – Cracking PPTP handshakes to recover user credentials.