EAP-MD5-Challenge Authentication Protocol
EAP-MD5-Challenge, which is described in RFC 2284, enables a RADIUS server to authenticate a connection request by verifying an MD5 hash of a user’s password. The server sends the client a random challenge value, and the client proves its identity by hashing the challenge and its password with MD5.
EAP-MD5-Challenge is typically used on trusted networks where risk of packet sniffing or active attack are fairly low. Because of significant security vulnerabilities, EAP-MD5-Challenge is not usually used on public networks or wireless networks, because third parties can capture packets and apply dictionary attacks to identify password hashes. Because EAP-MD5-Challenge does not provide server authentication, it is vulnerable to spoofing (a third party advertising itself as an access point).
By default, the EAP-MD5-Challenge password protocol is available for use by the Native and UNIX authentication methods. Support for the EAP-MD5-Challenge protocol is discussed in eap.ini file in the SBR Carrier Reference Guide.