man in the middle in NetworkManager, wpa_supplicant,

2011-11-22T17:29:16
ID SUSE-SA:2011:045
Type suse
Reporter Suse
Modified 2011-11-22T17:29:16

Description

When 802.1X authentication is used (i.e. WPA Enterprise), NetworkManager did not pin a certificate's subject to an ESSID. A rogue access point could therefore be used to conduct MITM attacks by using any other valid certificate issued by the same CA as used in the original network (CVE-2006-7246). If password-based authentication is used (e.g. via PEAP or EAP-TTLS), this means an attacker could sniff and potentially crack the password hashes of the victims.

The certificate checks are only performed on newly created connections. Users must therefore delete and re-create any existing WPA Enterprise connections, e.g. using nm-connection-editor, to take advantage of the checks.

knetworkmanager is also affected, but a fix is currently not available. Users of knetworkmanager are advised to use nm-applet for 802.1X networks instead.

The following document gives a more detailed explanation of the problem in general. Administrators are advised to take the opportunity to review the security of their wireless networks if 802.1X authentication is used.

http://www.suse.de/~lnussel/The_Evil_Twin_problem_with_WPA2-Enterprise_v1.1.pdf

Solution

There is no known workaround; please install the update packages. As a precautionary measure, you may turn off automatic connection to WPA Enterprise networks.
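Because only newly created connections get the checks, it helps to find the stored profiles that still lack a pin. The following audit sketch is an added example, not code from SUSE or NetworkManager; it assumes profiles in NetworkManager's keyfile format (as stored under /etc/NetworkManager/system-connections), uses the `802-1x` property names of current NetworkManager, and runs on constructed sample profiles.

```python
import configparser

# 802-1x properties that restrict which server certificate is accepted
PIN_KEYS = ("subject-match", "altsubject-matches", "domain-suffix-match")

# Constructed sample profiles in NetworkManager keyfile syntax (not from the advisory).
UNPINNED = """[connection]
id=corp-old
type=wifi
[wifi]
ssid=CorpNet
[wifi-security]
key-mgmt=wpa-eap
[802-1x]
eap=peap;
identity=alice
ca-cert=/etc/ssl/certs/example-ca.pem
phase2-auth=mschapv2
"""
PINNED = UNPINNED.replace("id=corp-old", "id=corp-new\nautoconnect=false").replace(
    "phase2-auth", "subject-match=/CN=radius.corp.example\nphase2-auth")
HOME_PSK = "[connection]\nid=home\n[wifi]\nssid=Home\n[wifi-security]\nkey-mgmt=wpa-psk\n"

def _section(cp, *names):
    """Return the first section that exists (newer and older keyfile section names)."""
    return next((cp[n] for n in names if cp.has_section(n)), {})

def audit_profile(text):
    """Return findings for one keyfile; [] means not WPA Enterprise, or nothing to flag."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.read_string(text)
    sec = _section(cp, "wifi-security", "802-11-wireless-security")
    if sec.get("key-mgmt") not in ("wpa-eap", "ieee8021x"):
        return []
    x = _section(cp, "802-1x")
    findings = []
    if not x.get("ca-cert") and x.get("system-ca-certs", "false").lower() != "true":
        findings.append("no-ca: server certificate is not validated against any CA")
    if not any(x.get(k) for k in PIN_KEYS):
        findings.append("no-pin: any certificate from the trusted CA is accepted")
    if _section(cp, "connection").get("autoconnect", "true").lower() != "false":
        findings.append("autoconnect: profile joins matching ESSIDs automatically")
    return findings

if __name__ == "__main__":
    for name, text in (("corp-old", UNPINNED), ("corp-new", PINNED), ("home", HOME_PSK)):
        print(name, audit_profile(text) or "ok")
```

A profile reported with `no-pin` is one to delete and re-create after installing the update.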