Public bug reported:
Binary package hint: network-manager
First of all, i am not sure whether this is a bug in NM or nm-applet (if
at all).
I have an access point using PSK encryption. NetworkManger works as
expected. The key has been saved and after every system startup NM
automatically established a connection to the encrypted network.
Now it happens that i completley switched of encryption by mistake.
After the next reboot, NM established the connection to the unsecured
network without any warning. In my opinion this is a security problem. I
can think of two scenarios:
* You are allowed to connet to a secured network and trust all other
participants on that network. Now, by mistake, the encryption is disabled. You
still send confidential data over the network without knowing that anybody can
evesdropping.
* Maybe this problem is also usable for an active attack: Is it possible to
provide an access point with the same ssid / (MAC?) in a way, that it 'shadows'
the proper access point?
Once a connection was established to a encrypted network, there should
at least a warning if that encryption no longer exists (changed?).
I was able to reproduce this with Gutsy, ubuntu (nm-applet) as well as
kubuntu (knetworkmanager).
** Affects: network-manager (Ubuntu)
Importance: Undecided
Status: New
--
NM should not connect automaticly to unsecured network which was formerly a
secure one
https://bugs.launchpad.net/bugs/210459
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
