thr3ads.net - Secure testing team - [Secure-testing-team] Bug#655972: Creating a new wireless network with WPA results in an unsecured network instead [Jan 2012]

If this information is useful, please help other people find it:
Share via:

Josh Triplett

2012-Jan-15 13:49 UTC

[Secure-testing-team] Bug#655972: Creating a new wireless network with WPA results in an unsecured network instead

Package: network-manager-gnome
Version: 0.9.2.0-1
Severity: grave
Tags: security

I followed the following steps:

- Connect to a wired network.
- Click the network-manager-gnome icon, and select "Create New Wireless
  Network..."
- Type a network name.
- Select "WPA & WPA2 Personal".
- Click "Show password".
- Paste in a secure password (from pwgen -s 12).
- Click "Create".
- Observe that NetworkManager''s icon for the network includes the lock
  icon indicating a secure network.
- Attempt to connect to the network from my N900.
- Observe that network icon shows lack of security.
- Observe that I can connect to the network and access the Internet
  through the network without providing the previously-specified
  password.


Note that creating a network using WEP results in a WEP-"secured"
network, rather than an unsecured network.  This issue only seems to
happen when attempting to create a WPA network.

- Josh Triplett

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, ''unstable''), (500,
''stable''), (1, ''experimental'')
Architecture: amd64 (x86_64)

Kernel: Linux 3.1.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages network-manager-gnome depends on:
ii  dbus-x11             1.4.16-1
ii  dpkg                 1.16.1.2
ii  gconf2               3.2.3-1
ii  gnome-icon-theme     3.2.1.2-1
ii  libatk1.0-0          2.2.0-2
ii  libc6                2.13-24
ii  libcairo-gobject2    1.10.2-6.2
ii  libcairo2            1.10.2-6.2
ii  libdbus-1-3          1.4.16-1
ii  libdbus-glib-1-2     0.98-1
ii  libfontconfig1       2.8.0-3
ii  libfreetype6         2.4.8-1
ii  libgconf2-4          3.2.3-1
ii  libgdk-pixbuf2.0-0   2.24.0-2
ii  libglib2.0-0         2.28.6-1
ii  libgnome-bluetooth8  3.2.1-1
ii  libgnome-keyring0    3.2.0-3
ii  libgtk-3-0           3.0.12-2
ii  libnm-glib-vpn1      0.9.2.0-1
ii  libnm-glib4          0.9.2.0-1
ii  libnm-gtk0           0.9.2.0-1
ii  libnm-util2          0.9.2.0-1
ii  libnotify4           0.7.4-1
ii  libpango1.0-0        1.29.4-2
ii  network-manager      0.9.2.0-1
ii  policykit-1-gnome    0.105-1

Versions of packages network-manager-gnome recommends:
ii  gnome-bluetooth                        3.2.1-1
ii  iso-codes                              3.32-1
ii  libpam-gnome-keyring [libpam-keyring]  3.0.3-2
ii  mobile-broadband-provider-info         <none>
ii  notification-daemon                    0.7.3-1

Versions of packages network-manager-gnome suggests:
pn  network-manager-openvpn-gnome  <none>
pn  network-manager-pptp-gnome     <none>
pn  network-manager-vpnc-gnome     <none>

-- no debconf information

Secure testing team - Jan 2012 - Bug#655972: Creating a new wireless network with WPA results in an unsecured network instead

[Secure-testing-team] Bug#655972: Creating a new wireless network with WPA results in an unsecured network instead