git: dca1590eb5a2 - stable/13 - wpa_supplicant.conf.5: add note about scan_ssid=1 eavesdropping

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Ed Maste <emaste_at_FreeBSD.org>
Date: Mon, 11 Apr 2022 02:47:24 UTC

The branch stable/13 has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=dca1590eb5a2d5b388204d0c17ced8761f2c16fc

commit dca1590eb5a2d5b388204d0c17ced8761f2c16fc
Author:     Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2022-03-16 02:18:01 +0000
Commit:     Ed Maste <emaste@FreeBSD.org>
CommitDate: 2022-04-11 02:46:54 +0000

    wpa_supplicant.conf.5: add note about scan_ssid=1 eavesdropping
    
    When scan_ssid=1 the list of configured SSIDs is available to
    eavesdroppers.  Note this in the man page.
    
    PR:             194122
    Reviewed by:    debdrup, Pau Amma
    MFC after:      1 week
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D34576
    
    (cherry picked from commit 4f75af31a86ff71780f48a5b99cf814f61d77eae)
---
 usr.sbin/wpa/wpa_supplicant/wpa_supplicant.conf.5 | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/usr.sbin/wpa/wpa_supplicant/wpa_supplicant.conf.5 b/usr.sbin/wpa/wpa_supplicant/wpa_supplicant.conf.5
index a2032c53bc6e..c22d3aa5da68 100644
--- a/usr.sbin/wpa/wpa_supplicant/wpa_supplicant.conf.5
+++ b/usr.sbin/wpa/wpa_supplicant/wpa_supplicant.conf.5
@@ -24,7 +24,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd March 26, 2018
+.Dd March 16, 2022
 .Dt WPA_SUPPLICANT.CONF 5
 .Os
 .Sh NAME
@@ -133,11 +133,12 @@ An
 or hex string enclosed in quotation marks.
 .It Va scan_ssid
 SSID scan technique; 0 (default) or 1.
-Technique 0 scans for the SSID using a broadcast Probe Request
-frame while 1 uses a directed Probe Request frame.
-Access points that cloak themselves by not broadcasting their SSID
-require technique 1, but beware that this scheme can cause scanning
-to take longer to complete.
+Technique 0 scans for the SSID using a broadcast Probe Request frame.
+Technique 1 uses directed Probe Request frames, sent to each configured SSID.
+Access points that cloak themselves by not broadcasting their SSID require
+technique 1.
+Beware that this technique can cause scanning to take longer to complete,
+and exposes the list of configured network SSIDs to eavesdroppers.
 .It Va bssid
 Network BSSID (typically the MAC address of the access point).
 .It Va priority