RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

Found 3 records.

Status: Verified (2)

RFC 2759, "Microsoft PPP CHAP Extensions, Version 2", January 2000

Source of RFC: pppext (int)

Errata ID: 391
Status: Verified
Type: Technical
Publication Format(s) : TEXT

Reported By: Andrew Roughan
Date Reported: 2002-08-26

Section 9.3 says:

  0-to-256-unicode-char Password:
  4D 79 50 77

  16-octet PasswordHash:
  FC 15 6A F7 ED CD 6C 0E DD E3 33 7D 42 7F 4E AC

It should say:

  0-to-256-char Password:
  4D 79 50 77

  0-to-256-unicode-char NtPassword:
  4D 00 79 00 50 00 77 00

  16-octet NtPasswordHash:
  FC 15 6A F7 ED CD 6C 0E DD E3 33 7D 42 7F 4E AC

Errata ID: 1924
Status: Verified
Type: Technical
Publication Format(s) : TEXT

Reported By: Alexey Melnikov
Date Reported: 2009-10-22
Verifier Name: Brian Haberman
Date Verified: 2012-05-09

Section 8.3 says:

   NtPasswordHash(
   IN  0-to-256-unicode-char Password,
   OUT 16-octet              PasswordHash )
   {
      /*
       * Use the MD4 algorithm [5] to irreversibly hash Password
       * into PasswordHash.  Only the password is hashed without
       * including any terminating 0.
       */
   }

It should say:

   NtPasswordHash(
   IN  0-to-256-unicode-char Password,
   OUT 16-octet              PasswordHash )
   {
      /*
       * Use the MD4 algorithm [5] to irreversibly hash Password
       * encoded in UTF-16-LE into PasswordHash.
       * Only the password is hashed without
       * including any terminating 0.
       */
   }

Notes:

Section 8.3 is silent on Unicode encoding used for passwords.
Section 9.2 seem to imply that the Unicode encoding used in UTF-16-LE.

Status: Rejected (1)

RFC 2759, "Microsoft PPP CHAP Extensions, Version 2", January 2000

Source of RFC: pppext (int)

Errata ID: 6429
Status: Rejected
Type: Technical
Publication Format(s) : TEXT

Reported By: Valentin Atanasov
Date Reported: 2021-02-14
Rejected by: Eric Vyncke
Date Rejected: 2023-08-03

Section 9.1.2. says:

Authenticator authentication failure

                         <- Authenticator Challenge
       Peer Response/Challenge ->
                         <- Success/Authenticator Response

   (Authenticator Response verification fails, peer disconnects)

It should say:

Authenticator authentication failure

                         <- Authenticator Challenge
       Peer Response/Challenge ->
                         <- Failure/Authenticator Response

   (Authenticator Response verification fails, peer disconnects)

Notes:

According to section 6. Failure Packet is identical in format to the standard CHAP Failure packet, but there are different codes for success and for failure so in case of failure the returned code must be 4 thus in section 9.1.2. the line "<- Success/Authenticator Response" the response logic should be Failure, not Succsess.
--VERIFIER NOTES--
The example is when the authenticator fails authenticate itself to the peer (i.e., it is a rogue authenticator). MS-CHAPv2 is doing piggy-backed mutual authentication.

Report New Errata



Advanced Search