CONFIG_BT_SMP_ALLOW_UNAUTH_OVERWRITE

Allow unauthenticated pairing for paired device

Allow unauthenticated pairing for paired device

Type: bool

Help

This option allows all unauthenticated pairing attempts made by the
peer where an unauthenticated bond already exists.
This would enable cases where an attacker could copy the peer device
address to connect and start an unauthenticated pairing procedure
to replace the existing bond. When this option is disabled in order
to create a new bond the old bond has to be explicitly deleted with
bt_unpair.

Help

This option allows all unauthenticated pairing attempts made by the
peer where an unauthenticated bond already exists.
This would enable cases where an attacker could copy the peer device
address to connect and start an unauthenticated pairing procedure
to replace the existing bond. When this option is disabled in order
to create a new bond the old bond has to be explicitly deleted with
bt_unpair.

Direct dependencies

(BT_SMP && BT_CONN && BT_HCI_HOST && BT_RPC_STACK) || (BT_SMP && BT_CONN && BT_HCI_HOST && BT_HCI && BT)

(Includes any dependencies from ifs and menus.)

Defaults

No defaults. Implicitly defaults to n.

Kconfig definitions

At <Zephyr>/subsys/bluetooth/host/Kconfig:329

Included via <Zephyr>/Kconfig:8 → <Zephyr>/Kconfig.zephyr:33 → <Zephyr>/modules/Kconfig:6 → <nRF>/doc/_build/kconfig/Kconfig.modules:2 → <nRF>/Kconfig.nrf:92 → <nRF>/subsys/Kconfig:10 → <nRF>/subsys/bluetooth/Kconfig:38 → <nRF>/subsys/bluetooth/rpc/Kconfig:196

Menu path: (Top) → Modules → nrf (/home/runner/work/sdk-nrf/sdk-nrf/ncs/nrf) → Nordic nRF Connect → Bluetooth Low Energy → BLE over nRF RPC → Security Manager Protocol support

config BT_SMP_ALLOW_UNAUTH_OVERWRITE
    bool "Allow unauthenticated pairing for paired device"
    depends on BT_SMP && BT_CONN && BT_HCI_HOST && BT_RPC_STACK
    help
      This option allows all unauthenticated pairing attempts made by the
      peer where an unauthenticated bond already exists.
      This would enable cases where an attacker could copy the peer device
      address to connect and start an unauthenticated pairing procedure
      to replace the existing bond. When this option is disabled in order
      to create a new bond the old bond has to be explicitly deleted with
      bt_unpair.

---

At <Zephyr>/subsys/bluetooth/host/Kconfig:329

Included via <Zephyr>/Kconfig:8 → <Zephyr>/Kconfig.zephyr:44 → <Zephyr>/subsys/Kconfig:9 → <Zephyr>/subsys/bluetooth/Kconfig:180

Menu path: (Top) → Sub Systems and OS Services → Bluetooth → Security Manager Protocol support

config BT_SMP_ALLOW_UNAUTH_OVERWRITE
    bool "Allow unauthenticated pairing for paired device"
    depends on BT_SMP && BT_CONN && BT_HCI_HOST && BT_HCI && BT
    help
      This option allows all unauthenticated pairing attempts made by the
      peer where an unauthenticated bond already exists.
      This would enable cases where an attacker could copy the peer device
      address to connect and start an unauthenticated pairing procedure
      to replace the existing bond. When this option is disabled in order
      to create a new bond the old bond has to be explicitly deleted with
      bt_unpair.

(The ‘depends on’ condition includes propagated dependencies from ifs and menus.)