A company’s CEO has heard about Hole 196 and is concerned that WPA/WPA2 will not protect
the company’s wireless communication from eavesdroppers.
Which statement describes the vulnerability?
A.
Hole 196 exploits a weakness in the WPA encryption algorithm but does not compromise
WPA2.
B.
Hole 196 allows an authorized user to spoof MAC addresses and detect the
Group Transient key (GTK).
C.
Hole 196 exploits a weakness in both the WPA and WPA2 encryption algorithms, but you can
download a patch from your station or AP vendor.
D.
Hole 196 allows malicious authorized users to implement attacks such as ARP poisoning.
Explanation:
Student Guide Book 1 – Implementing and Troubleshooting HP Wireless Networks – Page 4-60
Hole 196
GTKs in WPA/WPA2 open a vulnerability called Hole 196:
- All stations and the AP share the same GTKs, and these keys do not provide data authenticity.
- A malicious authorized user can send a message encrypted with the GTK to other stations,
spoofing the AP MAC address (BSSID, or Basic Service Set Identifier).
With this message, the hacker can implement a number of attacks. One of the most dangerous is
an ARP poisoning attack. ARP poisoning occurs when a hacker forges an ARP response that
binds the wrong MAC address to an IP address. Other devices then send traffic to the wrong
location.
Hole 196 is not a weakness in the encryption, and WPA2 has not been cracked.
Instead, Hole 196 is a vulnerability, exploitable by authorized users only, of the way WPA/WPA2
works. If you are concerned that authorized users could launch such an attack, you can implement
a wireless IDS/IPS, such as HP RF Manager Controller and the MSM415 sensor, which detects
stations spoofing the AP MAC address.
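
The explanation says a wireless IDS/IPS detects stations spoofing the AP MAC address. The sketch below is an added example of one sensor-side heuristic for that check; it is not from the study guide and not how HP RF Manager works. The frame fields, thresholds and sample frames are constructed assumptions, and it assumes the first observed frame is the real AP's and that the AP's beacons and group-addressed frames share one sequence counter.

```python
from dataclasses import dataclass

SEQ_MODULO = 4096  # 802.11 sequence numbers are 12 bits and wrap around

@dataclass
class Frame:
    transmitter: str  # address 2: the claimed sender
    from_ds: bool     # True when the frame claims to come from the AP
    seq: int          # 802.11 sequence number
    rssi: int         # signal strength at the sensor, dBm

def detect_bssid_spoofing(frames, bssid, max_seq_gap=64, max_rssi_delta=15):
    """Return (frame, reasons) for frames that claim the BSSID but break the
    AP's own sequence-number or signal-strength pattern."""
    alerts, last_seq, baseline = [], None, None
    for f in frames:
        if f.transmitter.lower() != bssid.lower() or not f.from_ds:
            continue  # not claiming to be the AP
        if last_seq is None:  # assumption: first frame seen is the real AP
            last_seq, baseline = f.seq, f.rssi
            continue
        reasons = []
        gap = (f.seq - last_seq) % SEQ_MODULO
        if gap > max_seq_gap:  # a second transmitter has its own counter
            reasons.append(f"sequence gap {gap}")
        if abs(f.rssi - baseline) > max_rssi_delta:  # different location
            reasons.append(f"RSSI {f.rssi} dBm vs baseline {baseline} dBm")
        if reasons:
            alerts.append((f, reasons))  # do not learn from suspect frames
        else:
            last_seq = f.seq
            baseline = round(0.8 * baseline + 0.2 * f.rssi)
    return alerts

# Constructed sample capture: four AP frames, one ordinary station frame,
# and one frame from a station that reuses the BSSID as its sender address.
BSSID = "02:00:00:00:00:01"
SAMPLE_FRAMES = [
    Frame(BSSID, True, 100, -48),
    Frame(BSSID, True, 101, -49),
    Frame("02:00:00:00:00:aa", False, 17, -60),
    Frame(BSSID, True, 2710, -71),
    Frame(BSSID, True, 102, -47),
    Frame(BSSID, True, 103, -48),
]

if __name__ == "__main__":
    for frame, reasons in detect_bssid_spoofing(SAMPLE_FRAMES, BSSID):
        print(f"possible BSSID spoof, seq={frame.seq}: " + "; ".join(reasons))
```
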