examples: ble_gatt: enable unauthenticated re-pairing

Allow unauthenticated pairings to replace existing unauthenticated
pairings. This allows centrals which have lost their bonding
information to re-pair.

Signed-off-by: Sam Friedman <[email protected]>

Author: sam-golioth

examples/ble_gatt/prj.conf

@@ -12,6 +12,18 @@ CONFIG_BT_BUF_ACL_TX_SIZE=251
 CONFIG_BT_BUF_ACL_RX_SIZE=251
 CONFIG_BT_L2CAP_TX_MTU=247
 
+# This allows centrals that connect using Just Works authentication
+# to re-pair. This can allow attackers to force a device to forget
+# a legitimate bond. In production applications, we recommend using
+# authenticated pairing, or if that is not an option, to limit the
+# times when pairing is possible (e.g. by requiring user interaction
+# to forget bonds or to enter pairing mode).
+# We enable this option in the example app because in the absence of
+# authenticated connections or another method for forcing the deletion
+# of bond data, Centrals that lose their bonding information will be
+# unable to reconnect.
+CONFIG_BT_SMP_ALLOW_UNAUTH_OVERWRITE=y
+
 # This is needed due to an off-by-one error in Kconfig defaults
 CONFIG_BT_CTLR_DATA_LENGTH_MAX=251