touch-packages team mailing list archive
Message #84343
[Bug 1091391] Re: [indicators] [network] No Validation of Wi-Fi Key/Passphrases is performed
There is design for this item, and has been since April 2014.
** No longer affects: ubuntu-ux
** Description changed:
The current network indicator does no checking of Wi-Fi key or
passphrases, and thus allows a user to enter an invalid key or
passphrase and initiate a connection attempt.
For access points using WEP, there are four valid key lengths:
- * 5 ASCII characters or 10 hex characters
- * 13 ASCII characters or 26 hex characters
+ * 5 ASCII characters or 10 hex characters
+ * 13 ASCII characters or 26 hex characters
+
+ <https://wiki.ubuntu.com/Networking#wi-fi-authentication-variations>:
+ "“Connect Anyway” should be insensitive whenever the “Password:” field
+ does not contain 5 or 10 Ascii characters, or 13 or 26 hexadecimal
+ characters. The error color should be used to highlight any non-Ascii
+ characters regardless of length, and any non-hexadecimal characters
+ whenever there are 12 or more characters (such that you’re more likely
+ to be aiming for 13 or 26 than for 5 or 10)."
For APs using WPA Personal/PSK, a valid passphrase can be between 8 and
63 characters in length. A full 256-bit key can be specified by
entering 64 hex characters.
+
+ <https://wiki.ubuntu.com/Networking#wi-fi-authentication-variations>:
+ "“Connect” should be insensitive whenever the “Password:” field contains
+ fewer than 8 characters, more than 64 characters, or exactly 64
+ characters where any of them are not hexadecimal. Whenever there are
+ exactly 64 characters, any non-hexadecimal characters should be
+ highlighted in the error color."
Note, the chewie server should also probably do some validation as well.
It shouldn't be possible for a new network to be created with a single
character key ( see attached file ).
Steps to Reproduce:
1. Open the network menu and select an access point known to be using WEP security
2. Enter a 1 character key
3. Click OK
Expected Result:
The user cannot initiate a connection with an invalid key.
Actual Result:
The auth dialog is dismissed and the user appears connected ( note, this
is another problem )
Build Details:
Manhattan/Maguro #160
chewie: 0.2.6~quantal1
indicators-client-plugin-network: 0.20~quantal1
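Review bot: the added WEP quote groups the key lengths differently from the two bullet lines directly above it. The bullets give 5 ASCII or 10 hex, and 13 ASCII or 26 hex, while the quoted text reads "5 or 10 Ascii characters, or 13 or 26 hexadecimal characters". A 10-character non-hex ASCII key passes the quoted rule but not the bullets, and a 13-character non-hex ASCII key passes the bullets but not the quoted rule. The quoted "12 or more characters" highlighting would also mark that 13-character key in the error color. The description should state which grouping the indicator and chewie are expected to enforce. The added WPA quote matches the 8 to 63 / 64 hex sentence above it.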
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to indicator-network in
Ubuntu.
https://bugs.launchpad.net/bugs/1091391
Title:
[indicators] [network] No Validation of Wi-Fi Key/Passphrases is
performed
Status in indicator-network package in Ubuntu:
Triaged
Bug description:
The current network indicator does no checking of Wi-Fi key or
passphrases, and thus allows a user to enter an invalid key or
passphrase and initiate a connection attempt.
For access points using WEP, there are four valid key lengths:
* 5 ASCII characters or 10 hex characters
* 13 ASCII characters or 26 hex characters
<https://wiki.ubuntu.com/Networking#wi-fi-authentication-variations>:
"“Connect Anyway” should be insensitive whenever the “Password:” field
does not contain 5 or 10 Ascii characters, or 13 or 26 hexadecimal
characters. The error color should be used to highlight any non-Ascii
characters regardless of length, and any non-hexadecimal characters
whenever there are 12 or more characters (such that you’re more likely
to be aiming for 13 or 26 than for 5 or 10)."
For APs using WPA Personal/PSK, a valid passphrase can be between 8
and 63 characters in length. A full 256-bit key can be specified by
entering 64 hex characters.
<https://wiki.ubuntu.com/Networking#wi-fi-authentication-variations>:
"“Connect” should be insensitive whenever the “Password:” field
contains fewer than 8 characters, more than 64 characters, or exactly
64 characters where any of them are not hexadecimal. Whenever there
are exactly 64 characters, any non-hexadecimal characters should be
highlighted in the error color."
Note, the chewie server should also probably do some validation as
well. It shouldn't be possible for a new network to be created with a
single character key ( see attached file ).
Steps to Reproduce:
1. Open the network menu and select an access point known to be using WEP security
2. Enter a 1 character key
3. Click OK
Expected Result:
The user cannot initiate a connection with an invalid key.
Actual Result:
The auth dialog is dismissed and the user appears connected ( note,
this is another problem )
Build Details:
Manhattan/Maguro #160
chewie: 0.2.6~quantal1
indicators-client-plugin-network: 0.20~quantal1
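The checks described in the bug report, written out as an added example (not code from indicator-network or chewie). The function names are hypothetical, the WEP lengths follow the bulleted list in the description, and the printable-ASCII limit on passphrases is an assumption taken from IEEE 802.11 rather than from this page.

```python
"""Added example: Wi-Fi key checks using the lengths in the bug description."""
import string

HEX_DIGITS = frozenset(string.hexdigits)


def non_hex_positions(key):
    """Indices of characters that are not hexadecimal digits."""
    return [i for i, ch in enumerate(key) if ch not in HEX_DIGITS]


def check_wep(key):
    """Return (acceptable, positions_to_highlight) for a WEP key.

    Acceptable: 5 or 13 ASCII characters, or 10 or 26 hex characters.
    Highlighted: non-ASCII characters, regardless of length.
    """
    non_ascii = [i for i, ch in enumerate(key) if ord(ch) > 127]
    if len(key) in (5, 13):
        ok = not non_ascii
    elif len(key) in (10, 26):
        ok = not non_hex_positions(key)
    else:
        ok = False  # includes the 1-character key from the report
    return ok, non_ascii


def check_wpa_psk(key):
    """Return (acceptable, positions_to_highlight) for WPA Personal/PSK.

    Acceptable: 8 to 63 characters (passphrase) or exactly 64 hex characters.
    Highlighted: non-hex characters, only when exactly 64 were entered.
    Assumption (not on the page): passphrase characters are printable ASCII.
    """
    if len(key) == 64:
        bad = non_hex_positions(key)
        return not bad, bad
    printable = all(32 <= ord(ch) <= 126 for ch in key)
    return (8 <= len(key) <= 63 and printable), []


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the bug's attachment.
    for key in ("a", "abcde", "0123456789", "abcdefghij"):
        print("WEP", repr(key), check_wep(key))
    for key in ("short", "correct horse battery", "g" * 64, "0f" * 32):
        print("WPA", repr(key), check_wpa_psk(key))
```

Running the same functions on the server side as well as in the dialog covers the report's note that chewie should not accept a single-character key.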