Project

General

Profile

Bug #3034

Security FLAW in pfSense Wireless Found

Added by Steven Anderson over 6 years ago. Updated over 6 years ago.

Status:
Resolved
Priority:
Urgent
Assignee:
-
Category:
Wireless
Target version:
Start date:
06/09/2013
Due date:
% Done:

100%

Estimated time:
Affected Version:
2.1
Affected Architecture:

Description

I have found a security flaw in pfSense wireless. If you enable WPA2 for security and use a password for the pre shared key that is too long the security appears to be enabled but anyone connecting to the wireless network can access the wireless network without entering a password. No warning is given in the web configurator admin panel and it appears to be enabled. But on the wireless side of things No authentication is displayed.

Work Around: Use shorter passwords.

Associated revisions

Revision df78d8cc (diff)
Added by Renato Botelho over 6 years ago

Fix max length for wpa passphrase, it fixes #3034

Revision 2ca43251 (diff)
Added by Renato Botelho over 6 years ago

Fix max length for wpa passphrase, it fixes #3034

Revision 664f9f3b (diff)
Added by Renato Botelho over 6 years ago

Fix max length for wpa passphrase, it fixes #3034

History

#1 Updated by Renato Botelho over 6 years ago

What is the length of the password you got the issue?

#2 Updated by Renato Botelho over 6 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100

#5 Updated by Renato Botelho over 6 years ago

  • Status changed from Feedback to Resolved

Also available in: Atom PDF