I posted my question already at https://answers.launchpad.net/network-manager/+question/26326 but didn't get a satisfying answer. Here's what i wrote:
---snip--- Im not sure whether to file a bug (or enhancement) for the following issue: Suppose you are connected to a _secured_ AP with SSID "XYZ". Fine. Now - for any reason - this AP is not running/visible/..., but another _unsecured_ AP "XYZ" (same SSID!) is available. (Maybe it is neccessary, that it uses the same MAC address. Due to lack of hardware/knowledge i can't verify that). Knetworkmanager automatically connects to that unsecured network, while the user is still thinking using the normal secured network. A security problem? I don't know, if it is possible to "overlay/hide" a network (using more power, another channel...) I tested this behaviour with the same AP: first i created a WPA2 secured AP and connected to that. Then i changed the AP to be unsecured. After a reboot of my computer, knetworkmanager connects without any warning. So in my test scenario "both" APs are using the same MAC addresse. But for a real "attack" this should be no problem. It seems that it is sufficient to unplug the power cable of my neighbours AP in a very short, unobserved moment, while providing a "backup" AP with same SSID/MAC at the same time... I posted the same question at https://answers.launchpad.net/ubuntu/+source/knetworkmanager/+question/26067 and recieved an answer which i understand to be a confirmation of my concern. But still my question where to file a bug report is not completly answered. What's your opinion? ---snip--- Best regards, Henning _______________________________________________ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list