0

I was just surprised to find out that devices when connecting to WiFi networks compare the SSID to known ones and try the saved password.

In other terms: I have replaced my home router, and my device connected on the new network right away after it had the same SSID and password.

Is this not a hazard? What if someone would set up a rogue network with same known SSID and devices would try the saved passwords? Wouldn't the impostor get to know the password they tried?

I believe there has to be some kind of secure layer around saved passwords but this still got me thinking.

schroeder
  • 123,438
  • 55
  • 284
  • 319
Oliver Goossens
  • 101
  • Does this answer your question? [Is it possible to steal WPA2 key using a rogue AP?](https://security.stackexchange.com/questions/93804/is-it-possible-to-steal-wpa2-key-using-a-rogue-ap), [How does WPA2-PSK prevent evil twin password phishing?](https://security.stackexchange.com/questions/110927/how-does-wpa2-psk-prevent-evil-twin-password-phishing). – Steffen Ullrich Nov 01 '20 at 15:07
  • 1
    Devices don't send wifi password to access point. – defalt Nov 01 '20 at 15:18
  • Yes, it does :-) thank you all :-) – Oliver Goossens Nov 02 '20 at 16:03

0 Answers0