Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

WPA2 Hole196 Vulnerability

  • 1.  WPA2 Hole196 Vulnerability

    Posted Apr 27, 2012 04:12 PM

    "Hole196" is a vulnerability in the WPA2 security protocol exposing WPA2-secured Wi-Fi networks to insider attacks. AirTight Networks uncovered a weakness in the WPA2 protocol, which was documented but buried on the last line on page 196 of the 1232-page IEEE 802.11 Standard (Revision, 2007). Thus, the moniker "Hole196".

    Central to this vulnerability is the group temporal key (GTK) that is shared among all authorized clients in a WPA2 network. In the standard behavior, only an AP is supposed to transmit group-addressed data traffic encrypted using the GTK and clients are supposed to decrypt that traffic using the GTK. However, nothing in the standard stops a malicious authorized client from injecting spoofed GTK-encrypted packets! Exploiting the vulnerability, an insider (authorized user) can sniff and decrypt data from other authorized users as well as scan their Wi-Fi devices for vulnerabilities, install malware and possibly compromise those devices.

    In short, this vulnerability means that inter-user data privacy among authorized users is inherently absent over the air in a WPA2-secured network.

     

    Is Aruba also susceptible to this vulnerability?
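
The rule stated in the post above, that only the AP should transmit GTK-encrypted group-addressed data, can be written as a receive-side check. This is an added example, not part of the original post and not Aruba code; the `Frame` record, the MAC addresses and the premise that every frame was received on the AP's own radio are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed values (locally administered MACs), not taken from the thread.
BSSID = "02:00:00:00:00:01"
ASSOCIATED = {"02:00:00:00:00:aa", "02:00:00:00:00:bb"}

@dataclass(frozen=True)
class Frame:
    """Header fields of one 802.11 data frame received on the AP's own radio."""
    addr1: str       # receiver address
    addr2: str       # transmitter address
    protected: bool  # Protected Frame bit (payload is encrypted)

def is_group_address(mac):
    # Broadcast and multicast MACs have the low bit of the first octet set.
    return bool(int(mac.split(":")[0], 16) & 1)

def classify(frame, bssid=BSSID, associated=ASSOCIATED):
    """Label one received data frame against the 'only the AP sends group traffic' rule."""
    if not (frame.protected and is_group_address(frame.addr1)):
        # Legitimate client broadcasts reach the AP as unicast (addr1 = BSSID),
        # so unicast or unencrypted frames are outside this check.
        return "ok"
    ta = frame.addr2.lower()
    if ta == bssid.lower():
        return "spoofed-bssid"       # the AP cannot receive its own transmissions
    if ta in associated:
        return "client-group-frame"  # an authorized client sent encrypted group data
    return "other-bss"               # group traffic from a neighbouring network

def suspicious(frames):
    """Return (transmitter, reason) for every frame that breaks the rule."""
    flagged = ("spoofed-bssid", "client-group-frame")
    return [(f.addr2, v) for f in frames if (v := classify(f)) in flagged]

# Constructed sample capture.
SAMPLE = [
    Frame("02:00:00:00:00:01", "02:00:00:00:00:aa", True),   # client -> AP, unicast
    Frame("ff:ff:ff:ff:ff:ff", "02:00:00:00:00:01", True),   # claims to be the AP
    Frame("01:00:5e:00:00:fb", "02:00:00:00:00:bb", True),   # client sending multicast
    Frame("ff:ff:ff:ff:ff:ff", "02:00:00:00:00:99", True),   # unknown transmitter
    Frame("ff:ff:ff:ff:ff:ff", "02:00:00:00:00:aa", False),  # unencrypted broadcast
]

if __name__ == "__main__":
    for transmitter, reason in suspicious(SAMPLE):
        print(transmitter, reason)
```

A frame that spoofs the BSSID shows that injection happened but not which client did it; only the `client-group-frame` case names a transmitter.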



  • 2.  RE: WPA2 Hole196 Vulnerability

    Posted Apr 28, 2012 11:11 AM

    An oldie but a goodie as they say...

     

    Please have a look here to read up on the discussions from the past on Hole 196:

     

    http://community.arubanetworks.com/t5/Community-Knowledge-Base/Analysis-of-quot-Hole-196-quot-WPA2-Attack/ta-p/25382

     

    Feel free to ask questions after reviewing of course.

     

    JF



  • 3.  RE: WPA2 Hole196 Vulnerability

    Posted May 01, 2012 03:40 PM

    Thanks for the link.

     

    We have 2 SSIDs - 1 for staff that uses WPA2-PSK with AES and another for guests that uses captive portal. I've set the firewall to deny inter user bridging and to deny inter user traffic - I've also set it to prohibit IP spoofing.

     

    Can you tell me if I'm missing something?

     

    We're running AP-105s with a 3600 controller (aruba 5.0.2.0 build 24926).