CHAP passwords on Cisco routers need to be saved in type 7 format or with no encoding at all, never using secret. The reason is that CHAP needs a plaintext version of the password to work correctly, so the router has to have a way to reverse the string encoded in its configuration – secret doesn’t allow that.
So an example of properly defining a CHAP user-password pair is:
(config)#username test privilege 0 password 0 test
While you shouldn’t use:
(config)#username test privilege 0 secret 0 test