[Bug 272902] Security: allow passphrases for WPA-EAP to be saved without using clear text in a world-readable file

From: <bugzilla-noreply_at_freebsd.org>
Date: Wed, 02 Aug 2023 21:58:12 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272902

            Bug ID: 272902
           Summary: Security: allow passphrases for WPA-EAP to be saved
                    without using clear text in a world-readable file
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: grahamperrin@gmail.com

% ls -hln /etc/wpa_supplicant.conf
-rwxrw-r-x  1 0 0  1.4K  2 Aug 11:15 /etc/wpa_supplicant.conf
% 

Connection to eduroam works if a clear text password is saved in this
world-readable file.

wpa_passphrase(8) can generate a 256-bit pre-shared WPA key, for example:

wpa_passphrase eduroam

If the key (and not the clear text password) is saved in wpa_supplicant.conf(5)
then there will be no connection to eduroam. 

Keyword: security, however there's no need to obscure this bug report; the
clear text issue is well-known. 

Bug severity: minimal, because this is an enhancement request.
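
The two conditions described in this report (a permissive file mode and a quoted clear-text credential) can be checked with a short script. This is an added example, not part of the original report or of FreeBSD; `audit_wpa_conf` is a hypothetical helper name, and the sample network block, identity and password are constructed.

```shell
#!/bin/sh
# Audit a wpa_supplicant.conf-style file for a permissive mode and for
# credentials stored as quoted clear text.
# Prints one finding per line; returns 0 if clean, 1 if anything was found.
audit_wpa_conf() {
    conf=$1
    findings=0

    [ -f "$conf" ] || { echo "ERROR: $conf is not a regular file"; return 2; }

    # POSIX find: "-perm -MODE" is true when every bit in MODE is set.
    if [ -n "$(find "$conf" -prune -perm -004)" ]; then
        echo "MODE: readable by other users"
        findings=$((findings + 1))
    fi
    if [ -n "$(find "$conf" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "MODE: writable by group or other users"
        findings=$((findings + 1))
    fi

    # A double-quoted value is stored exactly as typed, i.e. in clear text.
    # grep -c exits 1 on zero matches, so keep it from tripping "set -e".
    n=$(grep -Ec '^[[:space:]]*(password|psk|private_key_passwd)="' "$conf" || true)
    if [ "$n" -gt 0 ]; then
        echo "SECRET: $n clear-text credential line(s)"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}

# Constructed sample with the mode from the listing above (rwxrw-r-x = 0765).
sample=$(mktemp)
printf 'network={\n\tssid="eduroam"\n\tkey_mgmt=WPA-EAP\n\tidentity="user@example.org"\n\tpassword="not-a-real-password"\n}\n' > "$sample"
chmod 0765 "$sample"
audit_wpa_conf "$sample" || true
```

Tightening the mode to 0600 clears the two MODE findings; the SECRET finding stays for as long as the quoted password is in the file.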
