Public bug reported: SRU Justification:
[ Impact ] Users who input an incorrect password to a WPA3-SAE Wi-Fi network will not receive a prompt to enter a new password when the authentication fails - instead, the connection will fail silently, and the user will need to "forget" the saved profile and try a fresh connection attempt. [ Test Plan ] 1. Set up a WPA3-SAE access point 2. On your test device, attempt to connect to the WPA3-SAE access point with the wrong password Expected behavior: User should be presented with a dialog to re-enter the password Actual behavior (without patch): The connection attempt will fail silently, and the user is never presented with an option to re-enter the password. As a result, they must forget the saved connection profile and try a fresh connection attempt. [ Fix ] In wpa_supplicant, refine could_be_psk_mismatch() so that it does *not* report a mismatch if the disconnect reason is WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, and add a wpas_notify_psk_mismatch() invocation to the SME connection handler so that it is invoked for WPA3-SAE networks as well. On Ubuntu releases prior to Questing, this will require: - Upstream patch a678a510fb20 (dbus: Add D-Bus signal for PSK mismatch heuristics) - https://lists.infradead.org/pipermail/hostap/2025-June/043584.html - https://lists.infradead.org/pipermail/hostap/2025-June/043583.html Questing will only require the last two. The last two will be applied as Ubuntu sauce patches, since hostap upstream is unresponsive. [ Where problems could occur ] Valid connection attempts to WPA3 networks should not be impacted by this change, since it only impacts the code path for authentication failures. (further analysis ongoing) [ Other Info ] Related to https://bugs.launchpad.net/ubuntu/+source/network- manager/+bug/2122458 ** Affects: wpa (Ubuntu) Importance: High Assignee: Mitchell Augustin (mitchellaugustin) Status: In Progress ** Affects: wpa (Ubuntu Jammy) Importance: Undecided Status: New ** Affects: wpa (Ubuntu Noble) Importance: Undecided Status: New ** Affects: wpa (Ubuntu Plucky) Importance: Undecided Status: New ** Affects: wpa (Ubuntu Questing) Importance: High Assignee: Mitchell Augustin (mitchellaugustin) Status: In Progress ** Changed in: wpa (Ubuntu) Importance: Undecided => High ** Changed in: wpa (Ubuntu) Assignee: (unassigned) => Mitchell Augustin (mitchellaugustin) ** Changed in: wpa (Ubuntu) Status: New => In Progress ** Also affects: wpa (Ubuntu Plucky) Importance: Undecided Status: New ** Also affects: wpa (Ubuntu Questing) Importance: High Assignee: Mitchell Augustin (mitchellaugustin) Status: In Progress ** Also affects: wpa (Ubuntu Jammy) Importance: Undecided Status: New ** Also affects: wpa (Ubuntu Noble) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to wpa in Ubuntu. https://bugs.launchpad.net/bugs/2125203 Title: wpa_supplicant does not specify disconnection reason, which prevents NetworkManager from displaying password re-entry prompt on auth failure Status in wpa package in Ubuntu: In Progress Status in wpa source package in Jammy: New Status in wpa source package in Noble: New Status in wpa source package in Plucky: New Status in wpa source package in Questing: In Progress Bug description: SRU Justification: [ Impact ] Users who input an incorrect password to a WPA3-SAE Wi-Fi network will not receive a prompt to enter a new password when the authentication fails - instead, the connection will fail silently, and the user will need to "forget" the saved profile and try a fresh connection attempt. [ Test Plan ] 1. Set up a WPA3-SAE access point 2. On your test device, attempt to connect to the WPA3-SAE access point with the wrong password Expected behavior: User should be presented with a dialog to re-enter the password Actual behavior (without patch): The connection attempt will fail silently, and the user is never presented with an option to re-enter the password. As a result, they must forget the saved connection profile and try a fresh connection attempt. [ Fix ] In wpa_supplicant, refine could_be_psk_mismatch() so that it does *not* report a mismatch if the disconnect reason is WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, and add a wpas_notify_psk_mismatch() invocation to the SME connection handler so that it is invoked for WPA3-SAE networks as well. On Ubuntu releases prior to Questing, this will require: - Upstream patch a678a510fb20 (dbus: Add D-Bus signal for PSK mismatch heuristics) - https://lists.infradead.org/pipermail/hostap/2025-June/043584.html - https://lists.infradead.org/pipermail/hostap/2025-June/043583.html Questing will only require the last two. The last two will be applied as Ubuntu sauce patches, since hostap upstream is unresponsive. [ Where problems could occur ] Valid connection attempts to WPA3 networks should not be impacted by this change, since it only impacts the code path for authentication failures. (further analysis ongoing) [ Other Info ] Related to https://bugs.launchpad.net/ubuntu/+source/network- manager/+bug/2122458 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/2125203/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
