Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

WPA-Enterprise + PEAP + CHAPv2 vulnerable?

Everyone's tags (3)
2 REPLIES

WPA-Enterprise + PEAP + CHAPv2 vulnerable?

Hi Roman,

The article does not talk about PEAP-MSCHAPv2. It talks about MS-CHAPv2 only.

With PEAP-MSCHAPv2 the MSCHAPv2 authentication is done inside a TLS tunnel that is encrypted. The article talks about EAP-MSCHAPv2 that does not use a TLS tunnel to encrypt the authenticatoin process. So PEAP-MSCHAPv2 is still running OK and thanks to the TLS tunnel that prevents the attackers from seeing the MSCHAPv2 messages that being exchanged. This is why a certificate is being used on the AAA server when you use PEAP-MSCHAPv2. But if you use EAP-MSCHAPv2 then the certificate is not needed on the server and the vulnerability in the article is applied.

HTH

Amjad

Rating useful replies is more useful than saying "Thank you"

WPA-Enterprise + PEAP + CHAPv2 vulnerable?

For more information:

RFC draft for PEAP: http://tools.ietf.org/id/draft-kamath-pppext-peapv0-00.txt
RFC draft for CHAP extentions (includs MSCHAPv2): http://tools.ietf.org/id/draft-kamath-pppext-eap-mschapv2-01.txt

Rating useful replies is more useful than saying "Thank you"
755
Views
5
Helpful
2
Replies
CreatePlease to create content