EAP/MSCHAPv2 code question

Alan DeKok aland at deployingradius.com
Wed Nov 15 20:48:02 CET 2006

Julien.HOCHART at fr.thalesgroup.com wrote:
> The changes concern the case where the server receives a success.
> I actually cant figure how it can happen, because rfcs are always stating the server to send such messages to the clients.

  What if someone doesn't follow the RFC's?  You can't trust attackers
to do what they're supposed to do.

  Alan DeKok.
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog

More information about the Freeradius-Devel mailing list