New WPA2 vulnerability limited in threat
There have been a number of news reports over the weekend about next week’s demonstration of a WPA2 enterprise mode vulnerability from security vendor AirTight Networks. WPA2 is a set of security rating based on the IEEE 802.11i standard for wireless network security. Jennifer Jabbusch has some good analysis of the implications of this new vulnerability.
Basically, the vulnerability could allow authenticated users (someone who already has access to the wireless network) to forge broadcast packets coming from the wireless Access Point. It’s not entirely clear what the ramifications of this are, but we do know that there are much worse ramifications if an attacker already has full access to the network with legitimate login credentials. That’s not to say that this issue isn’t something to be concerned about, but so far it seems like it’s lower down the list of priorities and things to worry about.
Update – Devin Akin has more.