New Contributor

WPA2 Hole196 Vulnerability

"Hole196" is a vulnerability in the WPA2 security protocol exposing WPA2-secured Wi-Fi networks to insider attacks. AirTight Networks uncovered a weakness in the WPA2 protocol, which was documented but buried on the last line on page 196 of the 1232-page IEEE 802.11 Standard (Revision, 2007). Thus, the moniker "Hole196".

Central to this vulnerability is the group temporal key (GTK) that is shared among all authorized clients in a WPA2 network. In the standard behavior, only an AP is supposed to transmit group-addressed data traffic encrypted using the GTK and clients are supposed to decrypt that traffic using the GTK. However, nothing in the standard stops a malicious authorized client from injecting spoofed GTK-encrypted packets! Exploiting the vulnerability, an insider (authorized user) can sniff and decrypt data from other authorized users as well as scan their Wi-Fi devices for vulnerabilities, install malware and possibly compromise those devices.

In short, this vulnerability means that inter-user data privacy among authorized users is inherently absent over the air in a WPA2-secured network.


Is Aruba Also susceptible to this Vulnerability ?


Re: WPA2 Hole196 Vulnerability

An oldie but a goodie as they say...


Please have a look here to read up on the discussions from the past on Hole 196


Feel free to ask questions after reviewing of course.



Occasional Contributor II

Re: WPA2 Hole196 Vulnerability

Thanks for the link.


We have 2 SSID's - 1 for staff that uses WPA2-PSK with AES and another for guests that uses captive portal. I've set the firewall to deny inter user bridging and to deny inter user traffic - I've also set it it to prohibit IP spoofing.


Can you tell me if I'm missing something?


We're running AP-105's with a 3600 controller (aruba build 24926)

Search Airheads
Showing results for 
Search instead for 
Did you mean: