Export (0) Print
Expand All
This topic has not yet been rated - Rate this topic

1.6 Applicability Statement

The Extensible Authentication Protocol Method for Microsoft CHAP is used when an EAPsession is already set up and MSCHAPv2 is negotiated between a peer and its EAP server, as specified in [RFC3748] and [RFC2759], respectively.

The Extensible Authentication Protocol Method for Microsoft CHAP is susceptible to dictionary attacks and any other vulnerabilities of MSCHAPv2. It should only be used by itself in environments where it is safe from eavesdroppers. In other cases (for example, in wireless networks), it is recommended that EAP with the MSCHAPv2 authentication method is run with encryption to provide additional protection.

The client and server implementations of this protocol will interoperate if the username is made up of standard ASCII characters. If the username is made up of extended ASCII characters, the code pages of the client and server have to be the same for the client and server to interoperate.

For more information, see [MS-PEAP] or [RFC2716].

The Extensible Authentication Protocol Method for Microsoft CHAP security claims are specified in section 5.

The client and server implementations of this protocol have to use the same system active ANSI code page as specified in [MS-UCODEREF] section 2.2.1 for them to interoperate successfully.

 
Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft. All rights reserved.