← Back to team overview

debcrafters-packages team mailing list archive

  1. debcrafters-packages team
  2. Mailing list archive
  3. Message #06949

[Bug 2122458] [NEW] Password re-entry popup does not appear on incorrect password entry with WPA3 networks

  Thread PreviousDate PreviousThread Next 
Public bug reported:

SRU Justification:

[ Impact ]

Users who input an incorrect password to a WPA3-SAE Wi-Fi network will
not receive a prompt to enter a new password when the authentication
fails - instead, the connection will fail silently, and the user will
need to "forget" the saved profile and try a fresh connection attempt.

[ Test Plan ]

1. Set up a WPA3-SAE access point
2. On your test device, attempt to connect to the WPA3-SAE access point with the wrong password

Expected behavior: User should be presented with a dialog to re-enter the password
Actual behavior (without patch): The connection attempt will fail silently, and the user is never presented with an option to re-enter the password. As a result, they must forget the saved connection profile and try a fresh connection attempt.

[ Fix ]

Add a new function need_new_wpa3_secret(), invoked via handle_8021x_or_psk_auth_fail(), that will prompt for a new secret if a disconnection occurs after the wpa_supplicant AUTHENTICATING state.
(This is needed since the current source is only adapted to WPA2, where authentication will fail during the 4-way handshake - whereas with WPA3-SAE, it can fail during the AUTHENTICATING state)

[ Where problems could occur ]

Valid connection attempts to WPA3 networks should not be impacted by
this change, since it only impacts the code path for authentication
failures.

However, the new user experience could be slightly unexpected in some
very niche scenarios - for example, if a system has multiple saved
(working) wifi profiles, and they attempt to connect to a WPA3 one with
the wrong password, they might not be used to it prompting them for the
password and waiting for input if they are used to it silently failing
and falling back to the next valid network.

[ Other Info ]
Upstream patch: TBD

Impacts Noble, Plucky, Questing

Likely impacts Jammy (to be confirmed)

** Affects: network-manager (Ubuntu)
     Importance: Medium
     Assignee: Mitchell Augustin (mitchellaugustin)
         Status: In Progress

** Affects: network-manager (Ubuntu Noble)
     Importance: Medium
         Status: New

** Affects: network-manager (Ubuntu Plucky)
     Importance: Medium
         Status: New

** Affects: network-manager (Ubuntu Questing)
     Importance: Medium
     Assignee: Mitchell Augustin (mitchellaugustin)
         Status: In Progress

** Changed in: network-manager (Ubuntu)
     Assignee: (unassigned) => Mitchell Augustin (mitchellaugustin)

** Changed in: network-manager (Ubuntu)
       Status: New => In Progress

** Changed in: network-manager (Ubuntu)
   Importance: Undecided => Medium

** Also affects: network-manager (Ubuntu Plucky)
   Importance: Undecided
       Status: New

** Also affects: network-manager (Ubuntu Questing)
   Importance: Medium
     Assignee: Mitchell Augustin (mitchellaugustin)
       Status: In Progress

** Also affects: network-manager (Ubuntu Noble)
   Importance: Undecided
       Status: New

** Description changed:

  SRU Justification:
  
  [ Impact ]
  
  Users who input an incorrect password to a WPA3-SAE Wi-Fi network will
  not receive a prompt to enter a new password when the authentication
  fails - instead, the connection will fail silently, and the user will
  need to "forget" the saved profile and try a fresh connection attempt.
- 
  
  [ Test Plan ]
  
  1. Set up a WPA3-SAE access point
  2. On your test device, attempt to connect to the WPA3-SAE access point with the wrong password
  
  Expected behavior: User should be presented with a dialog to re-enter the password
  Actual behavior (without patch): The connection attempt will fail silently, and the user is never presented with an option to re-enter the password. As a result, they must forget the saved connection profile and try a fresh connection attempt.
  
  [ Fix ]
  
  Add a new function need_new_wpa3_secret(), invoked via handle_8021x_or_psk_auth_fail(), that will prompt for a new secret if a disconnection occurs after the wpa_supplicant AUTHENTICATING state.
  (This is needed since the current source is only adapted to WPA2, where authentication will fail during the 4-way handshake - whereas with WPA3-SAE, it can fail during the AUTHENTICATING state)
  
  [ Where problems could occur ]
  
  Valid connection attempts to WPA3 networks should not be impacted by
  this change, since it only impacts the code path for authentication
  failures.
  
  However, the new user experience could be slightly unexpected in some
  very niche scenarios - for example, if a system has multiple saved
  (working) wifi profiles, and they attempt to connect to a WPA3 one with
  the wrong password, they might not be used to it prompting them for the
  password and waiting for input if they are used to it silently failing
  and falling back to the next valid network.
  
  [ Other Info ]
  Upstream patch: TBD
  
- Impacts Jammy, Noble, Plucky, Questing
+ Impacts Noble, Plucky, Questing
+ 
+ Likely impacts Jammy (to be confirmed)

** Changed in: network-manager (Ubuntu Plucky)
   Importance: Undecided => Medium

** Changed in: network-manager (Ubuntu Noble)
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of
Debcrafters packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/2122458

Title:
  Password re-entry popup does not appear on incorrect password entry
  with WPA3 networks

Status in network-manager package in Ubuntu:
  In Progress
Status in network-manager source package in Noble:
  New
Status in network-manager source package in Plucky:
  New
Status in network-manager source package in Questing:
  In Progress

Bug description:
  SRU Justification:

  [ Impact ]

  Users who input an incorrect password to a WPA3-SAE Wi-Fi network will
  not receive a prompt to enter a new password when the authentication
  fails - instead, the connection will fail silently, and the user will
  need to "forget" the saved profile and try a fresh connection attempt.

  [ Test Plan ]

  1. Set up a WPA3-SAE access point
  2. On your test device, attempt to connect to the WPA3-SAE access point with the wrong password

  Expected behavior: User should be presented with a dialog to re-enter the password
  Actual behavior (without patch): The connection attempt will fail silently, and the user is never presented with an option to re-enter the password. As a result, they must forget the saved connection profile and try a fresh connection attempt.

  [ Fix ]

  Add a new function need_new_wpa3_secret(), invoked via handle_8021x_or_psk_auth_fail(), that will prompt for a new secret if a disconnection occurs after the wpa_supplicant AUTHENTICATING state.
  (This is needed since the current source is only adapted to WPA2, where authentication will fail during the 4-way handshake - whereas with WPA3-SAE, it can fail during the AUTHENTICATING state)

  [ Where problems could occur ]

  Valid connection attempts to WPA3 networks should not be impacted by
  this change, since it only impacts the code path for authentication
  failures.

  However, the new user experience could be slightly unexpected in some
  very niche scenarios - for example, if a system has multiple saved
  (working) wifi profiles, and they attempt to connect to a WPA3 one
  with the wrong password, they might not be used to it prompting them
  for the password and waiting for input if they are used to it silently
  failing and falling back to the next valid network.

  [ Other Info ]
  Upstream patch: TBD

  Impacts Noble, Plucky, Questing

  Likely impacts Jammy (to be confirmed)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/2122458/+subscriptions

Follow ups

  Thread PreviousDate PreviousThread Next