On 2018-06-26 16:38:05 +0200, Axel Beckert wrote:
> Are you aware that you need to explicitly configure if a configuration
> needs to be solely based on the ESSID? It's called "use these settings
> for all wifis with this ESSID" or similar.

I have "Use these settings for all networks sharing this essid" ticked
for eduroam, but it is apparently not honored.

> And IMNSHO it's a security feature and not a bug that wicd does use
> only the BSSID by default. That way credentials can't be leaked to
> rogue access points which share the same ESSID (which is easy to do).

... unless a certificate is used, which is my case.

Another issue is that here, it was a *new* BSSID (well, I assume
because it is a place where I had never come before).

> > and when one updates the eduroam config, some old configs are not
> > updated, and wicd can randomly use them later.
>
> In which case did this happen? With an ESSID where you had the "use
> these settings for all wifis with this ESSID" flag set or not?

See above. But I'm not aware if there is a global setting (in any case
the local setting should have the precedence).

> Am I right that you say that it's not an outdated password which might
> be leaked, but the current password which is sent in an insecure way,
> like WEP instead of WPA?

There were some old settings with the new password and no certificate.
This could have leaked. I never use WEP, always WPA2.

> > Note: The UI just presents the essid, so that the user will generally
> > not know what's going on.
>
> Which UI? WICD has several UIs (Gtk, Curses, CLI) and you filed that
> bug report against wicd-daemon. (→ moreinfo, too)

Gtk.

--
Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)