O/S/M Vulnerabilities

  • Open authentication vulnerabilities - no way for the AP to determine whether a client is valid or not (WEP encryption should be always implemented)

  • Shared key authentication vulnerabilities - requires the client to use a preshared WEP key. An attacker can capture both the plain-text challenge text and the cipher-text response and performs an exclusive (XOR) function on the plain-text with the cipher-text to produce the key stream

  • MAC address authentication vulnerabilities - an attacker can subvert the MAC authentication process by "spoofing" valid MAC address