
Decryption of salt encrypted attributes (encrypt=2) is incorrect

Open Thrushbeard opened this issue 1 year ago • 0 comments

A cleartext value is wrong for salt encrypted attributes in a RADIUS packet (e.g. MS-CHAP2 MPPE keys).

There are two points about a hash value:

  1. Decryption and encryption functions are not completely the same. The hash must use part of an encrypted value, not a decrypted one.

https://github.com/pyradius/pyrad/blob/dd34c5a29b46d83b0bea841e85fd72b79f315b87/pyrad/packet.py#L595

last = data[:16] for the decryption.

  2. The initial hash value must use a request packet authenticator, not a reply packet authenticator.

https://github.com/pyradius/pyrad/blob/dd34c5a29b46d83b0bea841e85fd72b79f315b87/pyrad/packet.py#L585

Thrushbeard, Mar 09 '24 10:03
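
The two points raised in the issue, as an added example that is neither part of the original issue nor pyrad's own code: a standalone encrypt/decrypt pair for the salt-encryption scheme of RFC 2868 section 3.5, in which decryption chains each MD5 on the previous ciphertext block and seeds the chain with the request authenticator. The function names, shared secret and sample values are constructed for illustration.

```python
import hashlib
import os


def xor_with_md5(block, secret, chain):
    """XOR one 16-byte block with MD5(secret + chain)."""
    digest = hashlib.md5(secret + chain).digest()
    return bytes(a ^ b for a, b in zip(block, digest))


def salt_encrypt(plain, secret, request_authenticator, salt=None):
    """Return salt + ciphertext for a salt-encrypted attribute value."""
    if len(plain) > 255:
        raise ValueError("value too long for a one-byte length prefix")
    if salt is None:
        raw = os.urandom(2)
        salt = bytes([raw[0] | 0x80, raw[1]])  # high bit of the salt must be set
    buf = bytes([len(plain)]) + plain
    buf += b"\x00" * (-len(buf) % 16)          # pad to a multiple of 16
    chain = request_authenticator + salt       # b(1) = MD5(S + R + A)
    out = b""
    for i in range(0, len(buf), 16):
        cipher_block = xor_with_md5(buf[i:i + 16], secret, chain)
        out += cipher_block
        chain = cipher_block                   # b(i) = MD5(S + c(i-1))
    return salt + out


def salt_decrypt(data, secret, request_authenticator):
    """Recover the cleartext; the authenticator is the one from the request."""
    if len(data) < 18 or (len(data) - 2) % 16:
        raise ValueError("expected 2-byte salt plus whole 16-byte blocks")
    salt, body = data[:2], data[2:]
    chain = request_authenticator + salt
    plain = b""
    for i in range(0, len(body), 16):
        cipher_block = body[i:i + 16]
        plain += xor_with_md5(cipher_block, secret, chain)
        chain = cipher_block                   # chain on ciphertext, not plaintext
    length = plain[0]
    if length > len(plain) - 1:
        raise ValueError("bad length byte: wrong secret or authenticator")
    return plain[1:1 + length]
```

A value that fits in a single block decrypts correctly even when the chain is taken from the decrypted data, so a regression test for this issue needs a value of at least 16 bytes, such as a 32-byte MPPE key.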