Idea #10454: NM should not connect automaticly to unsecured network which was formerly secure

Written by DrScott the 29 Jun 08 at 10:40. Category: Security.
Related to: Network Manager. Status: New

Description

In my opinion this is a security problem. I can think of two scenarios:
* You are able/allowed to connet to a secured network and trust all other participants on that network. Now, by mistake, the encryption is disabled by the AP administrator. You still send confidential data over the network without knowing that everybody can evesdropping.
* Maybe this problem is also usable for an active attack: Is it possible to provide an access point with the same ssid / (MAC?) in a way, that it 'shadows' the proper access point? (sending with more power, sending on a different channel?)

Once a connection was established to a encrypted network, there should at least a warning if that encryption no longer exists (changed?).

Tags: (none)

Attachments

Bug #210459 : NM should not connect automaticly to unsecured network which was formerly a secure one

Duplicates

[Report a duplicate and merge its votes to this idea]

Comments

Eldmannen wrote on the 29 Jun 08 at 15:59

I agree.

If a network was secure, then suddenly is not, then something weird is going on.

It should bring up a warning.

JaapHaitsma wrote on the 29 Jun 08 at 16:58

Please file this bug in network manager here
http://bugzilla.gnome.org/enter_bug.cgi?product=NetworkManager

DrScott wrote on the 2 Jul 08 at 14:34

gnome bts: http://bugzilla.gnome.org/show_bug.cgi?id=541257

Post your comment