04-27-2012 01:11 PM
"Hole196" is a vulnerability in the WPA2 security protocol exposing WPA2-secured Wi-Fi networks to insider attacks. AirTight Networks uncovered a weakness in the WPA2 protocol, which was documented but buried on the last line on page 196 of the 1232-page IEEE 802.11 Standard (Revision, 2007). Thus, the moniker "Hole196".
Central to this vulnerability is the group temporal key (GTK) that is shared among all authorized clients in a WPA2 network. In the standard behavior, only an AP is supposed to transmit group-addressed data traffic encrypted using the GTK and clients are supposed to decrypt that traffic using the GTK. However, nothing in the standard stops a malicious authorized client from injecting spoofed GTK-encrypted packets! Exploiting the vulnerability, an insider (authorized user) can sniff and decrypt data from other authorized users as well as scan their Wi-Fi devices for vulnerabilities, install malware and possibly compromise those devices.
In short, this vulnerability means that inter-user data privacy among authorized users is inherently absent over the air in a WPA2-secured network.
Is Aruba Also susceptible to this Vulnerability ?
04-28-2012 08:10 AM
An oldie but a goodie as they say...
Please have a look here to read up on the discussions from the past on Hole 196
Feel free to ask questions after reviewing of course.
05-01-2012 12:40 PM
Thanks for the link.
We have 2 SSID's - 1 for staff that uses WPA2-PSK with AES and another for guests that uses captive portal. I've set the firewall to deny inter user bridging and to deny inter user traffic - I've also set it it to prohibit IP spoofing.
Can you tell me if I'm missing something?
We're running AP-105's with a 3600 controller (aruba 18.104.22.168 build 24926)