Bug 194122

Summary: add a security caution to wpa_supplicant.conf.5
Product: Base System
Reporter: jhs
Component: wireless
Assignee: Ed Maste <emaste>
Status: Closed FIXED
Severity: Affects Many People
CC: emaste
Priority: ---
Version: CURRENT
Hardware: Any
OS: Any
See Also: https://reviews.freebsd.org/D34576
Attachments:
Description: patch for wpa_supplicant.conf.5 (Flags: none)

Description jhs 2014-10-03 21:21:11 UTC
Created attachment 147946
patch for wpa_supplicant.conf.5

+ Security Caution, If you assert scan_ssid=1 (Instead of default scan_ssid=0):
+ .in +2
+ Instead of just sending a broadcast Probe Request frame,
+ FreeBSD would also send directed Probe Request frames with specific names.
+ Those network names would be observable to hostile 3rd parties,
+ & could be abused as per
+ http://www.bbc.com/news/technology-28891937
+ http://lists.freebsd.org/pipermail/freebsd-wireless/2014-October/005097.html
+ .in -2
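
Review bot: the "could be abused as per" line leaves the actual risk to two external URLs, so a reader of the man page who cannot follow the links learns only that the names are "observable". State the consequence in the text itself and keep the URLs as references. The opening line also fuses a heading with a sentence ("Security Caution, If you assert ..."), and "&" and "3rd" would read better spelled out in a manual page. The raw ".in +2" / ".in -2" requests should give way to the page's own macro set if it uses one.
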
Comment 1 Ed Maste freebsd_committer freebsd_triage 2022-03-16 02:21:05 UTC
proposed wpa_supplicant.conf.5 update in https://reviews.freebsd.org/D34576
Comment 2 commit-hook freebsd_committer freebsd_triage 2022-03-16 23:34:29 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=4f75af31a86ff71780f48a5b99cf814f61d77eae

commit 4f75af31a86ff71780f48a5b99cf814f61d77eae
Author:     Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2022-03-16 02:18:01 +0000
Commit:     Ed Maste <emaste@FreeBSD.org>
CommitDate: 2022-03-16 23:33:16 +0000

    wpa_supplicant.conf.5: add note about scan_ssid=1 eavesdropping

    When scan_ssid=1 the list of configured SSIDs is available to
    eavesdroppers.  Note this in the man page.

    PR:             194122
    Reviewed by:    debdrup, Pau Amma
    MFC after:      1 week
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D34576

 usr.sbin/wpa/wpa_supplicant/wpa_supplicant.conf.5 | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)
Comment 3 commit-hook freebsd_committer freebsd_triage 2022-04-11 02:47:28 UTC
A commit in branch stable/13 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=dca1590eb5a2d5b388204d0c17ced8761f2c16fc

commit dca1590eb5a2d5b388204d0c17ced8761f2c16fc
Author:     Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2022-03-16 02:18:01 +0000
Commit:     Ed Maste <emaste@FreeBSD.org>
CommitDate: 2022-04-11 02:46:54 +0000

    wpa_supplicant.conf.5: add note about scan_ssid=1 eavesdropping

    When scan_ssid=1 the list of configured SSIDs is available to
    eavesdroppers.  Note this in the man page.

    PR:             194122
    Reviewed by:    debdrup, Pau Amma
    MFC after:      1 week
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D34576

    (cherry picked from commit 4f75af31a86ff71780f48a5b99cf814f61d77eae)

 usr.sbin/wpa/wpa_supplicant/wpa_supplicant.conf.5 | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)
Comment 4 Graham Perrin freebsd_committer freebsd_triage 2022-10-16 07:09:12 UTC
Triage: assignment to the committer who closed the report.
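
An audit sketch for the caution discussed in this report, as an added example (not part of the bug report or the FreeBSD commit): it lists the SSIDs of network blocks that set scan_ssid=1, which are the names the report says go out in directed Probe Request frames. The sample configuration and the function names are constructed, and the parser assumes one key=value per line inside network={ ... } blocks.

```python
SAMPLE_CONF = '''# constructed sample configuration, not from the bug report
network={
    ssid="HomeNet"
}
network={
    ssid="Office-Hidden"   # hidden AP
    scan_ssid=1
    psk="pass # with hash"
}
network={
    ssid=436166c3a9
    scan_ssid=1
}
'''

def strip_comment(line):
    """Drop a '#' comment unless the '#' sits inside double quotes."""
    in_quote = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quote = not in_quote
        elif ch == '#' and not in_quote:
            return line[:i]
    return line

def decode_ssid(value):
    """Quoted SSIDs are literal; a bare value is hex-encoded bytes."""
    if len(value) >= 2 and value[0] == value[-1] == '"':
        return value[1:-1]
    try:
        return bytes.fromhex(value).decode('utf-8', errors='replace')
    except ValueError:
        return value  # other forms are reported as written

def exposed_ssids(conf_text):
    """Return the SSIDs of network blocks that set scan_ssid=1."""
    exposed, block = [], None
    for raw in conf_text.splitlines():
        line = strip_comment(raw).strip()
        if line == 'network={':
            block = {}
        elif line == '}' and block is not None:
            if block.get('scan_ssid') == '1' and 'ssid' in block:
                exposed.append(decode_ssid(block['ssid']))
            block = None
        elif block is not None and '=' in line:
            key, _, val = line.partition('=')
            block[key.strip()] = val.strip()
    return exposed
```

Call `exposed_ssids()` with the text of a wpa_supplicant.conf to review which configured names that machine advertises while scanning.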