Moxie Marlinspike's CloudCracker promises it can crack any PPTP connection – within a day, for $200. We tried it out with a real session.
It certainly wasn't magic; after all, it took a couple of days of waiting, a bit of elbow grease, a total of three bug reports, and $200. Moxie's CloudCracker is far from polished enough to be a real service, and the fact that credit cards are being charged $200 without any kind of receipt shows that the hackers aren't really thinking about customers.
But as a demo that puts the final nail in PPTP and MSCHAPv2's coffin, CloudCracker is a complete success. The level of expertise required is relatively low – the biggest challenge of this test may be getting the accounting department to reimburse us that $200 without a receipt...
Those who are still using PPTP should find an alternative as soon as possible; options include L2TP/IPSec, IPSec with IKEv2 and OpenVPN. The same holds true, by the way, for corporate WLANs with WPA2 and EAP via MSCHAPv2, which can be cracked using the same concept. PEAP, the encrypted variant, puts everything through an SSL tunnel whose security depends on users never accepting a fake certificate – and that can't be guaranteed for companies that use their own signed certificates.