Security

Reply
New Contributor

WPA2 Hole196 Vulnerability

"Hole196" is a vulnerability in the WPA2 security protocol exposing WPA2-secured Wi-Fi networks to insider attacks. AirTight Networks uncovered a weakness in the WPA2 protocol, which was documented but buried on the last line on page 196 of the 1232-page IEEE 802.11 Standard (Revision, 2007). Thus, the moniker "Hole196".

Central to this vulnerability is the group temporal key (GTK) that is shared among all authorized clients in a WPA2 network. In the standard behavior, only an AP is supposed to transmit group-addressed data traffic encrypted using the GTK and clients are supposed to decrypt that traffic using the GTK. However, nothing in the standard stops a malicious authorized client from injecting spoofed GTK-encrypted packets! Exploiting the vulnerability, an insider (authorized user) can sniff and decrypt data from other authorized users as well as scan their Wi-Fi devices for vulnerabilities, install malware and possibly compromise those devices.

In short, this vulnerability means that inter-user data privacy among authorized users is inherently absent over the air in a WPA2-secured network.

 

Is Aruba Also susceptible to this Vulnerability ?

Aruba

Re: WPA2 Hole196 Vulnerability

An oldie but a goodie as they say...

 

Please have a look here to read up on the discussions from the past on Hole 196

 

http://community.arubanetworks.com/t5/Community-Knowledge-Base/Analysis-of-quot-Hole-196-quot-WPA2-Attack/ta-p/25382

 

Feel free to ask questions after reviewing of course.

 

JF

Occasional Contributor II

Re: WPA2 Hole196 Vulnerability

Thanks for the link.

 

We have 2 SSID's - 1 for staff that uses WPA2-PSK with AES and another for guests that uses captive portal. I've set the firewall to deny inter user bridging and to deny inter user traffic - I've also set it it to prohibit IP spoofing.

 

Can you tell me if I'm missing something?

 

We're running AP-105's with a 3600 controller (aruba 5.0.2.0 build 24926)

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: