WPA Enterprise and 802.1x Vulnerability in NetworkManager by Red Hat
CVE-2009-4144

Currently unrated

Key Information:

Vendor: Gnome
Status: Networkmanager
Vendor: CVE Published:; 23 December 2009

Summary

NetworkManager version 0.7.2 fails to validate the presence of the configured Certification Authority (CA) certificate during connection attempts for WPA Enterprise or 802.1x networks. This oversight could enable remote attackers to spoof wireless network identities, leading to potential exposure of sensitive information or disruption of connectivity.

References

http://www.securityfocus.com/bid/37580

vdb-entryx_refsource_BID

http://www.openwall.com/lists/oss-security/2009/12/16/3

mailing-listx_refsource_MLIST

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560067

x_refsource_CONFIRM

Timeline

Vulnerability published
Dec 23, 2009
Vulnerability Reserved
Dec 1, 2009