There is design for this item, and has been since April 2014. ** No longer affects: ubuntu-ux
** Description changed: The current network indicator does no checking of Wi-Fi key or passphrases, and thus allows a user to enter an invalid key or passphrase and initiate a connection attempt. For access points using WEP, there are four valid key lengths: - * 5 ASCII characters or 10 hex characters - * 13 ASCII characters or 26 hex characters + * 5 ASCII characters or 10 hex characters + * 13 ASCII characters or 26 hex characters + + <https://wiki.ubuntu.com/Networking#wi-fi-authentication-variations>: + "“Connect Anyway” should be insensitive whenever the “Password:” field + does not contain 5 or 10 Ascii characters, or 13 or 26 hexadecimal + characters. The error color should be used to highlight any non-Ascii + characters regardless of length, and any non-hexadecimal characters + whenever there are 12 or more characters (such that you’re more likely + to be aiming for 13 or 26 than for 5 or 10)." For APs using WPA Personal/PSK, a valid passphrase can be between 8 and 63 characters in length. A full 256-bit key can be specified by entering 64 hex characters. + + <https://wiki.ubuntu.com/Networking#wi-fi-authentication-variations>: + "“Connect” should be insensitive whenever the “Password:” field contains + fewer than 8 characters, more than 64 characters, or exactly 64 + characters where any of them are not hexadecimal. Whenever there are + exactly 64 characters, any non-hexadecimal characters should be + highlighted in the error color." Note, the chewie server should also probably do some validation as well. It shouldn't be possible for a new network to be created with a single character key ( see attached file ). Steps to Reproduce: 1. Open the network menu and select an access point known to be using WEP security 2. Enter a 1 character key 3. Click OK Expected Result: The user cannot initiate a connection with an invalid key. Actual Result: The auth dialog is dismissed and the user appears connected ( note, this is another problem ) Build Details: Manhattan/Maguro #160 chewie: 0.2.6~quantal1 indicators-client-plugin-network: 0.20~quantal1 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to indicator-network in Ubuntu. https://bugs.launchpad.net/bugs/1091391 Title: [indicators] [network] No Validation of Wi-Fi Key/Passphrases is performed Status in indicator-network package in Ubuntu: Triaged Bug description: The current network indicator does no checking of Wi-Fi key or passphrases, and thus allows a user to enter an invalid key or passphrase and initiate a connection attempt. For access points using WEP, there are four valid key lengths: * 5 ASCII characters or 10 hex characters * 13 ASCII characters or 26 hex characters <https://wiki.ubuntu.com/Networking#wi-fi-authentication-variations>: "“Connect Anyway” should be insensitive whenever the “Password:” field does not contain 5 or 10 Ascii characters, or 13 or 26 hexadecimal characters. The error color should be used to highlight any non-Ascii characters regardless of length, and any non-hexadecimal characters whenever there are 12 or more characters (such that you’re more likely to be aiming for 13 or 26 than for 5 or 10)." For APs using WPA Personal/PSK, a valid passphrase can be between 8 and 63 characters in length. A full 256-bit key can be specified by entering 64 hex characters. <https://wiki.ubuntu.com/Networking#wi-fi-authentication-variations>: "“Connect” should be insensitive whenever the “Password:” field contains fewer than 8 characters, more than 64 characters, or exactly 64 characters where any of them are not hexadecimal. Whenever there are exactly 64 characters, any non-hexadecimal characters should be highlighted in the error color." Note, the chewie server should also probably do some validation as well. It shouldn't be possible for a new network to be created with a single character key ( see attached file ). Steps to Reproduce: 1. Open the network menu and select an access point known to be using WEP security 2. Enter a 1 character key 3. Click OK Expected Result: The user cannot initiate a connection with an invalid key. Actual Result: The auth dialog is dismissed and the user appears connected ( note, this is another problem ) Build Details: Manhattan/Maguro #160 chewie: 0.2.6~quantal1 indicators-client-plugin-network: 0.20~quantal1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/indicator-network/+bug/1091391/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
