Bug 194122 - add a security caution to wpa_supplicant.conf.5
Summary: add a security caution to wpa_supplicant.conf.5
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: wireless (show other bugs)
Version: CURRENT
Hardware: Any Any
: --- Affects Many People
Assignee: Ed Maste
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-10-03 21:21 UTC by jhs
Modified: 2022-10-16 07:09 UTC (History)
1 user (show)

See Also:

Attachments
patch for wpa_supplicant.conf.5 (1.07 KB, patch)
2014-10-03 21:21 UTC, jhs 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description jhs 2014-10-03 21:21:11 UTC 
Created attachment 147946 [details]
patch for wpa_supplicant.conf.5

+ Security Caution, If you assert scan_ssid=1 (Instead of default scan_ssid=0):
+ .in +2
+ Instead of just sending a broadcast Probe Request frame,
+ FreeBSD would also send directed Probe Request frames with specific names.
+ Those network names would be observable to hostile 3rd parties,
+ & could be abused as per
+ http://www.bbc.com/news/technology-28891937
+ http://lists.freebsd.org/pipermail/freebsd-wireless/2014-October/005097.html
+ .in -2
Comment 1 Ed Maste freebsd_committer freebsd_triage 2022-03-16 02:21:05 UTC 
proposed wpa_supplicant.conf.5 update in https://reviews.freebsd.org/D34576
Comment 2 commit-hook freebsd_committer freebsd_triage 2022-03-16 23:34:29 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=4f75af31a86ff71780f48a5b99cf814f61d77eae

commit 4f75af31a86ff71780f48a5b99cf814f61d77eae
Author:     Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2022-03-16 02:18:01 +0000
Commit:     Ed Maste <emaste@FreeBSD.org>
CommitDate: 2022-03-16 23:33:16 +0000

    wpa_supplicant.conf.5: add note about scan_ssid=1 eavesdropping

    When scan_ssid=1 the list of configured SSIDs is available to
    eavesdroppers.  Note this in the man page.

    PR:             194122
    Reviewed by:    debdrup, Pau Amma
    MFC after:      1 week
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D34576

 usr.sbin/wpa/wpa_supplicant/wpa_supplicant.conf.5 | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)
Comment 3 commit-hook freebsd_committer freebsd_triage 2022-04-11 02:47:28 UTC 
A commit in branch stable/13 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=dca1590eb5a2d5b388204d0c17ced8761f2c16fc

commit dca1590eb5a2d5b388204d0c17ced8761f2c16fc
Author:     Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2022-03-16 02:18:01 +0000
Commit:     Ed Maste <emaste@FreeBSD.org>
CommitDate: 2022-04-11 02:46:54 +0000

    wpa_supplicant.conf.5: add note about scan_ssid=1 eavesdropping

    When scan_ssid=1 the list of configured SSIDs is available to
    eavesdroppers.  Note this in the man page.

    PR:             194122
    Reviewed by:    debdrup, Pau Amma
    MFC after:      1 week
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D34576

    (cherry picked from commit 4f75af31a86ff71780f48a5b99cf814f61d77eae)

 usr.sbin/wpa/wpa_supplicant/wpa_supplicant.conf.5 | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)
Comment 4 Graham Perrin freebsd_committer freebsd_triage 2022-10-16 07:09:12 UTC 
Triage: assignment to the committer who closed the report.