Bug : MS-CHAP-v2 / ntmlv1/ntmlv2

multiOTP / multiotp

multiOTP open source strong two factor authentication PHP library, OATH certified, with TOTP, HOTP, Mobile-OTP, YubiKey, SMS, QRcode provisioning, etc.

http://www.multiOTP.net/

GNU Lesser General Public License v3.0

354 stars 76 forks source link

Bug : MS-CHAP-v2 / ntmlv1/ntmlv2 #62

Open jurgele opened 5 years ago

jurgele commented 5 years ago

Hello,

I'm trying to setup multiOTP 5.4.1.6 (PHP version 5.6.27) and FreeRADIUS 2.2.5 with OTP only (no PIN) and MS-CHAP-v2. I downloaded the multiOTP Hyper-V image and upgraded the multiOTP. The setup works with PAP, CHAP and MS-CHAP but does not work with MS-CHAP-v2. I receive ERROR: Authentication failed (and other possible unknown errors).

I ask kindly for some directions on how to investigate the cause of error.

Kind regards,

Gregor

multiOTP commented 5 years ago

Hello, we will look into this in the next few days. Have a great day. Yann

multiOTP commented 3 years ago

Hello, This is an old issue now. Could you confirm that MS-CHAPv2 is now working for you, at least with the last version 5.8.1.9 ? Regards,

zapotah commented 2 years ago

Posting to this issue as it seems that something is going completely wrong with the mschapv2 challenge and response generation with multiotp for otp verification. My guess is, looking at the code at CalculateMsChap2Response, that multiotp is doing ntlmv1 hashes for mschapv2 when literally everything on the planet does ntlmv2 these days and ntlmv1 is completely disabled.

multiOTP commented 2 years ago

Hello, Thanks a lot for the info. We are planning on looking at this in January 2022. Best regards.