MS-CHAP Authentication / Bug 17

Alan Buxey A.L.M.Buxey at lboro.ac.uk
Mon Sep 21 19:43:08 CEST 2009


Hi,

> Actually, the problem definitely impacts PEAP/MSCHAPv2 (and I believe TTLS/MSCHAPv2 also because it's an error in MS-CHAP, but we don't use TTLS so I can't test that). (I haven't thought about it enough to know whether it affects v1, but it definitely occurs with v2 as that's where I found it.)
> 
> The problem occurs when the client creates the MS-CHAPv2 response and uses a userid whose case differs from what FR subsequently uses to create the challenge for ntlm_auth.

hmm, okay - I'll only be able to introduce core systrems with this patch in place
after 2nd October - we currently have a change freeze on main systems until then

alan



More information about the Freeradius-Users mailing list