Ubuntu
network-manager package

WEP Key for one SSID carries over to all SSIDs

Bug #67788 reported by George Masters
260
Affects Status Importance Assigned to Milestone
network-manager (Ubuntu)
Fix Released
Medium
Unassigned

Bug Description

Binary package hint: network-manager

I have set up mutliple locations for the various networks I use (both wired and wireless). For my home Wi-Fi I have set up the location Home and entered the SSID and WEP key for my home network.

I then set up a location for Starbucks/T-mobile to access t-mobile hotspots located throughout Silicon Valley with the SSID t-mobile. This network doesn't use WEP, yet my WEP key from the home network shows up as ******* on this network. Removing the WEP key allows me to access this network. However, removing the WEP key from t-mobile also removes it from my Home Wi-Fi location as well.

Finally, I set up a location for our public library which has a wide open Wi-Fi and the Home WEP followed it there too! This bug is annoying and could also be a potential security issue as the wrong WEP key is sent to a secure network which has the potential to compromise the security of the network whose key was mistransmitted.

Revision history for this message
Bryce Harrington (bryce) wrote :

I'm running into the same thing. Two locations, each with their own WEP keys.

Switching from A to B seems to work ok, but when switching back from B to A, B's WEP key overwrite's A's.

It does seem to be a rather scary security issue, having WEP keys sent out unpredictably.

Revision history for this message
Kees Cook (kees) wrote :

Using the wrong WEP key on a given network won't give away anything more than is normally given away with a WEP'd network. Since they're shared keys, the key itself is never sent out on the network, it is just used to encrypt the traffic.

Regardless, I think it should be considered a security bug anyway, since you're not getting the security you're expecting out of your network. :)

Bryce Harrington (bryce)
Changed in network-manager:
importance: Undecided → Medium
status: Unconfirmed → Confirmed
Revision history for this message
Chris Wagner (chris-wagner) wrote :

When you say that your WEP key shows up as ********, where are you looking?

I'm wondering if this is the same issue that I'm seeing in bug 73759. When you are trying to connect to, e.g., t-mobile, and network-manager is attempting to use a WEP key (from your home or wherever), does it succeed in making a connection? Or do you have to *unset* the WEP key before any connection will be successfully made?

Revision history for this message
George Masters (gmasters2) wrote : Re: [Bug 67788] Re: WEP Key for one SSID carries over to all SSIDs

Actually, t-mobile acts like an open network and redirects the user to an authenticaiton page to enter their subscription information. They don't use WEP or WPA. I will try the WPA test on my home netwrok. WEP has worked with Ubuntu 7.04. WPA is a preferred method as it's more secure. I have noted that in the WEP case, you must put the actual hex values for the key. The ASCII pass phrase does not get translated to the proper hex values.

George Masters
Network Administration, Support and Training
Phone: 408.978.9479
Mobile: 408.242.4632
http://www.geocities.com/gmasters2
mailto://<email address hidden>

----- Original Message ----
From: Chris Wagner <email address hidden>
To: <email address hidden>
Sent: Thursday, March 8, 2007 2:16:43 PM
Subject: [Bug 67788] Re: WEP Key for one SSID carries over to all SSIDs

When you say that your WEP key shows up as ********, where are you
looking?

I'm wondering if this is the same issue that I'm seeing in bug 73759.
When you are trying to connect to, e.g., t-mobile, and network-manager
is attempting to use a WEP key (from your home or wherever), does it
succeed in making a connection? Or do you have to *unset* the WEP key
before any connection will be successfully made?

--
WEP Key for one SSID carries over to all SSIDs
https://launchpad.net/bugs/67788

____________________________________________________________________________________Got a little couch potato?
Check out fun summer activities for kids.
http://search.yahoo.com/search?fr=oni_on_mail&p=summer+activities+for+kids&cs=bz

Revision history for this message
Alexander Sack (asac) wrote :

can you please test this in gutsy? Do you still see this bug?

Changed in network-manager:
status: Confirmed → Incomplete
Revision history for this message
George Masters (gmasters2) wrote :

This bug still shows up in 7.10. At best, it's only partially fixed. The problem may lie in the fact that using the network-manager tool in administrator mode from the admin menu appears to behave differently than when using the tool from the network icon locaed in the upper right corner of the screen.

To test this, I setup the system to work with a secure WEP network in location A. I saved the settings as a location. The network functioned properly. I then went to location B and set up the network settings and got it working and saved that as a different location. I returned to location A and attempted to connect using my previous settings. The location was there, but the password appears to be clobbered.

Another anamoly I noted is that the configuration shows two wireless cards when I only have 1! The card in use was a Netgear MA1401 on my Toshiba Satellite laptop.

The way I would expect the tool to work is to set up the each network as a location and have the system scan for the network and apply the appropriate key and seamlessly connect to the network. If two or more networks are available, I would expect to be prompted for which network to connect to.

Another difference between the two tools is that the administrator's version does not allow showing the password as it's being typed in, whereas the one on the upper right corner does.

I am not sure that roaming works properly regardless of whether I check or uncheck the box in the configuraiton screen.

Leann Ogasawara (leannogasawara)
Changed in network-manager:
status: Incomplete → Confirmed
Revision history for this message
joss (joss-markham) wrote :

Just a comment to confirm I have the same issues setting up 2 WPA wireless locations in Ubuntu & Xubuntu 7.10. All the locations info (IP address/ESSID/etc) is correctly saved & recalled for each location, but the PSK is not. Problem seems to be entirely within Network Manager.

Revision history for this message
Alexander Sack (asac) wrote :

this should be fixed in hardy. If not, set status to incomplete and attach your complete syslog taken after you reproduced this bug. Thanks!

Changed in network-manager:
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.