NetworkManager detects an essid for a wireless network with hidden essid
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
knetworkmanager (Ubuntu) | Invalid | Undecided | Kees Cook | |
Bug Description
Binary package hint: knetworkmanager
NetworkManager assigns an essid to a wireless network with a hidden essid.
How to reproduce the problem:
1. Set up the Access Point (AP) with a shared essid, for example with essid "Linksys".
2. Connect to the Access Point by NetworkManager.
3. Change the essid of AP to something else (for example XY) and change essid on AP to "hidden".
4. Restart Ubuntu. The detected network AP with the new essid XY will be reported by NetworkManager as "Linksys" while the correct essid is unknown.
My opinion is that this effect can be exploited in the form of a Man in the Middle attack,
where a hacker can exploit that NetworkManager will automatically connect to the old essid "Linksys".
Thanks for taking the time to report this bug and helping to make Ubuntu better. I have unmarked it as a security issue since this bug does not show evidence of allowing privilege boundaries to be crossed nor directly leading to data/privacy loss. Wireless networking is inherently insecure, so this is not really a failing of NetworkManager. Please feel free to report any other bugs you may find.