Bug 342728 - Security bug/Regression: altSubjectMatch disappeared with the move to plasma-nm
Summary: Security bug/Regression: altSubjectMatch disappeared with the move to plasma-nm
Status: RESOLVED FIXED
Alias: None
Product: plasma-nm
Classification: Plasma
Component: editor
Version: unspecified
Platform: Other Linux
: NOR grave
Target Milestone: ---
Assignee: Lukáš Tinkl
URL:
Keywords:
Depends on:
Blocks:
Reported: 2015-01-11 10:15 UTC by Wilco Baan Hofman
Modified: 2015-10-24 16:34 UTC

See Also:
Latest Commit:
Version Fixed In: 5.5.0


Description Wilco Baan Hofman 2015-01-11 10:15:17 UTC
On WPA2 enterprise networks, the certificate identity information must ALWAYS be checked. There is no way to securely connect to a WPA2 enterprise network using plasma-nm.
This issue is exploited in the wild, on large public networks such as eduroam.

In ANY TLS connection, there are 3 things to verify:
1. The identity of the person you're trying to establish a connection with (subject)
2. The signature
3. Whether the signature is still valid.

The first is made impossible by this regression and introduces a security hole, where anybody can capture credentials, provided they have ANY certificate from the same CA.

It is current best practise to implement public certificates on a WPA2 enterprise network, because this allows new devices to automatically pin the CA and altsubjectname information. The old KDE networkmanagement implementation worked, because there was the option to select which server to connect to, which did an altsubject_match in wpa_supplicant.

On OS X and iOS, the fingerprint of the certificate is pinned; this prevents exploitation, but presents users with a dialog to override and does not allow replacing of the certificates.

I propose that CA + altsubjectname pinning is implemented (though this may be a network-manager issue) and at the very least that the option to "Connect to these servers" is returned.

Reproducible: Always
Comment 1 Wilco Baan Hofman 2015-01-14 18:01:07 UTC
Hi,

wpa_supplicant just committed a fix.

There is a new parameter called domain_match, which has the following behaviour: it exact-matches against the DNS parts of subjectAltName and falls back to an exact CN match.

To be implemented to fix the security bug:
- a GUI component for server DNS name

Please include the domain_match parameter in the GUI.
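The server-identity checks discussed in the report and in Comment 1, as an added example that is not code from plasma-nm, NetworkManager or wpa_supplicant: a small Python model of how a wpa_supplicant network block with only ca_cert accepts any certificate from the configured CA, and how altsubject_match and domain_match (with its CN fallback) close that gap. The certificates, trust store, network blocks and the case-handling rules are constructed for this example; the parser handles only the simple key=value form shown.

```python
"""Model of the wpa_supplicant server-identity checks described in this
report (added example with constructed data; not plasma-nm or wpa_supplicant
code).  ca_cert alone validates the chain; altsubject_match requires one of
its 'TYPE:value' entries to equal a subjectAltName entry (compared as exact
strings here); domain_match requires a full FQDN match on the dNSName entries
(compared case-insensitively here, this model's choice), falling back to an
exact Subject CN match only when the certificate carries no dNSName at all."""
from typing import Dict, Tuple

# Constructed certificates, all issued by the same CA: with CA-only
# validation nothing distinguishes the real RADIUS server from any other
# certificate that CA has issued.
LEGIT_SERVER = {"issuer": "CN=Example Campus CA", "subject_cn": "radius.example.org",
                "san": [("DNS", "radius.example.org"), ("DNS", "radius2.example.org")]}
ROGUE_SERVER = {"issuer": "CN=Example Campus CA", "subject_cn": "webmail.example.org",
                "san": [("DNS", "webmail.example.org")]}
CN_ONLY_SERVER = {"issuer": "CN=Example Campus CA", "subject_cn": "radius.example.org",
                  "san": []}  # older-style certificate without subjectAltName

# Constructed trust store: ca_cert path -> issuer name the chain must end in.
TRUST_STORE = {"/etc/ssl/certs/campus-ca.pem": "CN=Example Campus CA"}

# Constructed network blocks: CA-only validation (the hole in the report)
# and the same block with the RADIUS server's DNS name pinned.
WEAK_BLOCK = """
network={
    ssid="eduroam"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="user@example.org"
    ca_cert="/etc/ssl/certs/campus-ca.pem"
}
"""
PINNED_BLOCK = WEAK_BLOCK.replace("}", '    domain_match="radius.example.org"\n}')


def parse_network_block(text: str) -> Dict[str, str]:
    """Minimal parser for one network={...} block: key=value lines, with
    double-quoted string values unquoted.  Written for this example only."""
    settings: Dict[str, str] = {}
    inside = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("network={"):
            inside = True
        elif line == "}":
            inside = False
        elif inside and "=" in line and not line.startswith("#"):
            key, _, value = line.partition("=")
            settings[key.strip()] = value.strip().strip('"')
    return settings


def altsubject_match(cert: Dict, constraint: str) -> bool:
    """Any one 'TYPE:value' entry equal to a SAN entry is sufficient."""
    wanted = set()
    for entry in constraint.split(";"):
        san_type, sep, value = entry.strip().partition(":")
        if sep:
            wanted.add((san_type.upper(), value))
    present = {(san_type.upper(), value) for san_type, value in cert["san"]}
    return bool(wanted & present)


def domain_match(cert: Dict, fqdn: str) -> bool:
    """Full match on dNSName entries; CN fallback only when no dNSName exists."""
    dns_names = [v.lower() for t, v in cert["san"] if t.upper() == "DNS"]
    if dns_names:
        return fqdn.lower() in dns_names
    return cert["subject_cn"].lower() == fqdn.lower()


def accept_server(cert: Dict, network: Dict[str, str]) -> Tuple[bool, str]:
    """Apply the configured checks in order and explain the outcome."""
    trusted_ca = TRUST_STORE.get(network.get("ca_cert", ""))
    if trusted_ca is None or cert["issuer"] != trusted_ca:
        return False, "rejected: chain does not lead to the configured ca_cert"
    if "altsubject_match" in network and not altsubject_match(cert, network["altsubject_match"]):
        return False, "rejected: no subjectAltName entry matches altsubject_match"
    if "domain_match" in network and not domain_match(cert, network["domain_match"]):
        return False, "rejected: server name does not match domain_match"
    if "altsubject_match" not in network and "domain_match" not in network:
        return True, "accepted: CA verified, server identity NOT checked"
    return True, "accepted: CA and server identity verified"


if __name__ == "__main__":
    for name, block in (("CA only", WEAK_BLOCK), ("domain_match", PINNED_BLOCK)):
        network = parse_network_block(block)
        for label, cert in (("legit", LEGIT_SERVER), ("rogue", ROGUE_SERVER),
                            ("cn-only", CN_ONLY_SERVER)):
            print(f"{name:12} {label:8} {accept_server(cert, network)[1]}")
```

Running it shows the point of the report: under the CA-only block both the legitimate server and the rogue certificate from the same CA are accepted, while the block with domain_match rejects the rogue certificate and still accepts the older CN-only certificate through the fallback Comment 1 describes. The same structure applies to a GUI that writes these keys: without a field for the server name there is nothing for the supplicant to match against.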
Comment 2 Jan Grulich 2015-09-22 11:07:42 UTC
Git commit 92faca4156698df2aee896dbd3a1a6734be58056 by Jan Grulich.
Committed on 22/09/2015 at 11:04.
Pushed by grulich into branch 'master'.

Add WPA/WPA2 Enterprise (partial) validation + options to add subjectMatch and altSubjectMatch properties

M  +2    -0    libs/editor/CMakeLists.txt
A  +68   -0    libs/editor/listvalidator.cpp     [License: GPL (v2/3)]
A  +47   -0    libs/editor/listvalidator.h     [License: GPL (v2/3)]
M  +142  -1    libs/editor/settings/security802-1x.cpp
M  +13   -1    libs/editor/settings/security802-1x.h
M  +105  -49   libs/editor/settings/ui/802-1x.ui
M  +6    -0    libs/editor/settings/wifisecurity.cpp
A  +94   -0    libs/editor/widgets/editlistdialog.cpp     [License: GPL (v2/3)]
A  +58   -0    libs/editor/widgets/editlistdialog.h     [License: GPL (v2/3)]