From: Alan T. DeKok <aland@freeradius.org>
Date: Thu, 6 Mar 2025 19:02:50 +0000 (-0500)
Subject: MS-CHAP is plain-text equivalent.
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b229027b5d40eeecefe8abb82757da5cc5d1428e;p=thirdparty%2Ffreeradius-server.git

MS-CHAP is plain-text equivalent.

Mark the Challenge field as secret, so that it doesn't get
exposed when people run the server in debug mode.
---

diff --git a/share/dictionary/radius/dictionary.microsoft b/share/dictionary/radius/dictionary.microsoft
index da9c0976ad..d42d1c4692 100644
--- a/share/dictionary/radius/dictionary.microsoft
+++ b/share/dictionary/radius/dictionary.microsoft
@@ -16,7 +16,7 @@ ATTRIBUTE	CHAP-Error				2	string
 ATTRIBUTE	CHAP-CPW-1				3	octets[70]
 ATTRIBUTE	CHAP-CPW-2				4	octets[84]
 ATTRIBUTE	CHAP-LM-Enc-PW				5	octets
-ATTRIBUTE	CHAP-NT-Enc-PW				6	octets
+ATTRIBUTE	CHAP-NT-Enc-PW				6	octets	secret
 ATTRIBUTE	MPPE-Encryption-Policy			7	integer
 
 VALUE	MPPE-Encryption-Policy		Encryption-Allowed	1
@@ -33,7 +33,7 @@ VALUE	MPPE-Encryption-Types		RC4-40or128-bit-Allowed	6
 
 ATTRIBUTE	RAS-Vendor				9	integer	# content is Vendor-ID
 ATTRIBUTE	CHAP-Domain				10	string
-ATTRIBUTE	CHAP-Challenge				11	octets
+ATTRIBUTE	CHAP-Challenge				11	octets	secret
 ATTRIBUTE	CHAP-MPPE-Keys				12	octets[24]  encrypt=User-Password
 ATTRIBUTE	BAP-Usage				13	integer
 ATTRIBUTE	Link-Utilization-Threshold		14	integer # values are 1-100