In
PPP, PAP provides a simple method for a remote node to establish its identity, using a two-way
handshake. The remote node repeatedly sends a
username/
password pair across the link until
authentication is acknowledged or the connection is terminated.
Weaknesses: Passwords are sent across the link in
clear text, and there is no protection from
playback or repeated
brute-force attacks. The
remote node is in control of the frequency and timing of the login attempts.