EAP/MSCHAPv2 code question

[Alan DeKok]

Julien.HOCHART at fr.thalesgroup.com wrote:
> The changes concern the case where the server receives a success.
> I actually cant figure how it can happen, because rfcs are always stating the server to send such messages to the clients.

  What if someone doesn't follow the RFC's?  You can't trust attackers
to do what they're supposed to do.

  Alan DeKok.
--
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog