Decryption of salt encrypted attributes (encrypt=2) is incorrect

A cleartext value is wrong for salt encrypted attributes in a RADIUS packet (e.g. MS-CHAP2 MPPE keys).

There are two points about a hash value:

1. Decryption and encryption functions are not completely the same. The hash must use part of an encrypted value, not a decrypted one

https://github.com/pyradius/pyrad/blob/dd34c5a29b46d83b0bea841e85fd72b79f315b87/pyrad/packet.py#L595

`last = data[:16]` for the decryption.

3. The initial hash value must use a request packet authenticator, not a reply packet authenticator

https://github.com/pyradius/pyrad/blob/dd34c5a29b46d83b0bea841e85fd72b79f315b87/pyrad/packet.py#L585

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Decryption of salt encrypted attributes (encrypt=2) is incorrect #194

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Decryption of salt encrypted attributes (encrypt=2) is incorrect #194

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions