||A Technical Comparison of TTLS and PEAP|
|Subject:||TTLS versus PEAP|
Response to: TTLS versus PEAP
I would like to add something else against the Microsoft PEAPv0 implementation that is part of the Windows XP sp1 and Windows 2003 IAS: It seems that the IAS RADIUS server in sending in the clear to the access point the FULL MSCHAP V2 exchange(Challenge, Peer Challenge, NTResponse...) in RADIUS attribute in one of the last success RADIUS frame. The power of the PEAP implementation was that this exchange (in the Phase 2) was encrypted by the TLS established in the phase1. So why is IAS sending in the clear this exchange at the end of the authentication.
It seems that it is a huge security issue, or maybe i am mistaking...