MS-CHAP provides mutual authentication.

Mutual authentication means both sides prove their identity to each other during the authentication exchange. In the original MS-CHAP flow, the client proves it knows the password by responding to the server’s challenge, and the server verifies that response to authenticate the client. However, the client does not have a reliable way to confirm the server’s identity, so the server isn’t authenticated to the client in a guaranteed, built-in way. That makes the process one-way in the classic MS-CHAP setup. Microsoft later introduced MS-CHAPv2, which adds steps that allow the client to verify the server and the server to verify the client, achieving mutual authentication. Because the basic MS-CHAP flow does not inherently provide mutual authentication, the statement is not correct. If you’re dealing with MS-CHAPv2, then mutual authentication is indeed provided.