| Bug ID | 1047511 |
|---|---|
| Summary | plasma-nm does not pin WPA enterprise certificates |
| Classification | openSUSE |
| Product | openSUSE Distribution |
| Version | Leap 42.3 |
| Hardware | Other |
| OS | Other |
| Status | NEW |
| Severity | Normal |
| Priority | P5 - None |
| Component | Security |
| Assignee | security-team@suse.de |
| Reporter | fvogt@suse.com |
| QA Contact | qa-bugs@suse.de |
| CC | alarrosa@suse.com, lnussel@suse.com |
| Found By | --- |
| Blocker | --- |
When not selecting a CA certificate file when connecting to a WPA enterprise secured network, it does neither show the certificate hash nor save it. This makes it possible for any attacker to impersonate the network. Tested with Plasma 5.10.3 on TW, to my knowledge all versions have this issue.