21 Sep
2009
21 Sep
'09
1:43 p.m.
Hi,
Actually, the problem definitely impacts PEAP/MSCHAPv2 (and I believe TTLS/MSCHAPv2 also because it's an error in MS-CHAP, but we don't use TTLS so I can't test that). (I haven't thought about it enough to know whether it affects v1, but it definitely occurs with v2 as that's where I found it.)
The problem occurs when the client creates the MS-CHAPv2 response and uses a userid whose case differs from what FR subsequently uses to create the challenge for ntlm_auth.
hmm, okay - I'll only be able to introduce core systrems with this patch in place after 2nd October - we currently have a change freeze on main systems until then alan