CONFIG_BT_SMP_ALLOW_UNAUTH_OVERWRITE

Allow unauthenticated pairing for paired device

Type: bool

Help

This option allows all unauthenticated pairing attempts made by the
peer where an unauthenticated bond already exists.
This would enable cases where an attacker could copy the peer device
address to connect and start an unauthenticated pairing procedure
to replace the existing bond. When this option is disabled in order
to create a new bond the old bond has to be explicitly deleted with
bt_unpair.

Direct dependencies

BT_SMP && BT_CONN && BT_HCI_HOST && BT_HCI && BT

(Includes any dependencies from ifs and menus.)

Defaults

No defaults. Implicitly defaults to n.

Kconfig definition

At <Zephyr>/subsys/bluetooth/host/Kconfig:336

Included via <Zephyr>/Kconfig:8<Zephyr>/Kconfig.zephyr:42<Zephyr>/subsys/Kconfig:9<Zephyr>/subsys/bluetooth/Kconfig:313

Menu path: (Top) → Sub Systems and OS Services → Bluetooth → Security Manager Protocol support

config BT_SMP_ALLOW_UNAUTH_OVERWRITE
    bool "Allow unauthenticated pairing for paired device"
    depends on BT_SMP && BT_CONN && BT_HCI_HOST && BT_HCI && BT
    help
      This option allows all unauthenticated pairing attempts made by the
      peer where an unauthenticated bond already exists.
      This would enable cases where an attacker could copy the peer device
      address to connect and start an unauthenticated pairing procedure
      to replace the existing bond. When this option is disabled in order
      to create a new bond the old bond has to be explicitly deleted with
      bt_unpair.

(The ‘depends on’ condition includes propagated dependencies from ifs and menus.)