Captive Portal-MS-CHAPv2 Auth

Zyxel_Lynn (Zyxel Employee)
edited May 19 in Other Topics

Secure Authentication with MS-CHAPv2 for Captive Portal

Zyxel has added support for the MS-CHAPv2 protocol for Captive Portal authentication when using an external RADIUS server, providing a significantly more secure option than the traditional PAP method. This security enhancement is specifically available for Cloud Managed APs.


Security Advantages

MS-CHAPv2 utilizes non-reversible cryptographic hashing, ensuring that user passwords are never transmitted in plain text. This makes the password attribute invisible in RADIUS request messages, protecting credentials even if the network traffic is intercepted by an attacker.

Verification via Packet Capture

The security benefits can be visually confirmed using tools like Wireshark. While the default PAP method allows an attacker with the shared secret to easily decrypt and view user passwords, MS-CHAPv2 only reveals the challenge and response attributes (MS-CHAP-Challenge and MS-CHAP-Response), keeping the actual password secure.
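The same check can be scripted against RADIUS payload bytes exported from a capture. This is an added example, not Zyxel's code: it reports whether an Access-Request carries User-Password (PAP) or the Microsoft vendor-specific MS-CHAP attributes defined in RFC 2548, where the MS-CHAPv2 response is vendor type 25 (MS-CHAP2-Response). The helper names and the zero-filled sample packets are constructed for illustration.

```python
import struct

# Attribute numbers from RFC 2865 (RADIUS) and RFC 2548 (Microsoft VSAs).
USER_PASSWORD, VENDOR_SPECIFIC, MICROSOFT = 2, 26, 311
MS_VSA = {1: "MS-CHAP-Response", 11: "MS-CHAP-Challenge", 25: "MS-CHAP2-Response"}

def parse_attributes(packet):
    """Return [(type, value)] for a RADIUS packet, rejecting bad lengths."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    attrs, pos = [], 20  # header: code, id, length, 16-byte authenticator
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        attrs.append((packet[pos], packet[pos + 2:pos + packet[pos + 1]]))
        pos += packet[pos + 1]
    return attrs

def classify_access_request(packet):
    """Return (method, sorted credential attribute names) for an Access-Request."""
    attrs = parse_attributes(packet)
    if packet[0] != 1:
        raise ValueError("not an Access-Request")
    seen = set()
    for atype, value in attrs:
        if atype == USER_PASSWORD:
            seen.add("User-Password")  # PAP: password field is present on the wire
        elif atype == VENDOR_SPECIFIC and len(value) >= 6:
            vendor, vtype = struct.unpack("!IB", value[:5])
            if vendor == MICROSOFT and vtype in MS_VSA:
                seen.add(MS_VSA[vtype])
    method = "PAP" if "User-Password" in seen else "MS-CHAP" if seen else "other"
    return method, sorted(seen)

def _attr(atype, value):
    return bytes([atype, len(value) + 2]) + value

def _ms(vtype, value):
    return _attr(VENDOR_SPECIFIC, struct.pack("!I", MICROSOFT) + _attr(vtype, value))

def _request(*attrs):
    body = b"".join(attrs)
    return struct.pack("!BBH", 1, 1, 20 + len(body)) + bytes(16) + body

# Constructed sample packets (zero-filled fields, not taken from a real capture).
PAP_SAMPLE = _request(_attr(1, b"guest"), _attr(USER_PASSWORD, bytes(16)))
MSCHAP_SAMPLE = _request(_attr(1, b"guest"), _ms(11, bytes(16)), _ms(25, bytes(50)))
```

Any Access-Request from the captive portal that still classifies as `PAP` after the change indicates an SSID or AP that has not picked up the MS-CHAPv2 setting.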