Ubuntu QA:
BlogBrainstormPackage status
Log in
Ubuntu QA
The Ubuntu community has contributed 15664 ideas, 77393 comments, 1416168 votes

Contributor JaapHaitsma


up
44
down
NM should not connect automaticly to unsecured network which was formerly secure  
NM should not connect automaticly to unsecured
network which was formerly a secure one (#210459)

In : network-manager (ubuntu)
Status : Triaged
Importance : Undecided
Assignee :
3 comments, 3 subscribers and 0 duplicates
bug
Written by DrScott the 29 Jun 08 at 10:40. Category: Security. Related to: Network Manager. New
In my opinion this is a security problem. I can think of two scenarios:
* You are able/allowed to connet to a secured network and trust all other participants on that network. Now, by mistake, the encryption is disabled by the AP administrator. You still send confidential data over the network without knowing that everybody can evesdropping.
* Maybe this problem is also usable for an active attack: Is it possible to provide an access point with the same ssid / (MAC?) in a way, that it 'shadows' the proper access point? (sending with more power, sending on a different channel?)

Once a connection was established to a encrypted network, there should at least a warning if that encryption no longer exists (changed?).

See the 3 comments (latest comment the 2 Jul 08 at 14:34) >>