Bug 470825 - NM connects different users to WEP network without password demand
NM connects different users to WEP network without password demand
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: NetworkManager (Show other bugs)
5.3
x86_64 Linux
high Severity high
: rc
: ---
Assigned To: Dan Williams
Vladimir Benes
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-11-10 09:27 EST by Vladimir Benes
Modified: 2008-11-14 05:16 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-11-14 05:16:15 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Vladimir Benes 2008-11-10 09:27:54 EST
Description of problem:
NM allows different user to connect to WEP encrypted network without password demand.. 

Version-Release number of selected component (if applicable):
NetworkManager-0.7.0-0.11.svn4185

How reproducible:


Steps to Reproduce:
1.connect to WEP password
2.log out (doesn't matter if ctrl+alt+backspace or menu log out)
3.log in as different user

  
Actual results:
you are connected to wireless network

Expected results:
you should be disconnected and asked for password

Additional info:
Comment 1 Cameron Meadors 2008-11-13 13:58:17 EST
This is potentially a security bug.  It is generally a good idea that a person know the password to a password protected service (wireless network) if they are connected to it. In this case the new user may or may not know the password to the wireless network that another user previously connected to.

Network manager should verify that the password is known by the new user, either through a dialog or save on disk in a keyring.  If not, any user on the system can access a protected network and therefore protected data, without knowing the password.

I am going to proposed this on the basis that it exposed a security risk.
Comment 2 Cameron Meadors 2008-11-13 14:18:50 EST
Looking to see if a wireless connection was added with system-config-network.  If it is there then this bug is moot.
Comment 3 Dan Williams 2008-11-13 16:43:52 EST
Marking as needinfo until cameron can verify that no ifcfg connections are wifi.  ifcfg connections are expected to work before login and persist across user switches.
Comment 4 Vladimir Benes 2008-11-14 05:08:46 EST
hmm.. this is actually an ifcfg device (wlan0) so this bug is obviously moot. When you leave it only in NM it disconnects itself when logging out. I think it could be taken as security risk but it is also included by design :-/

Note You need to log in before you can comment on or make changes to this bug.