A vulnerability in the WPA2 Enterprise standard allows an authorized user to spoof packets on the network and thereby perform man-in-the-middle attacks, impersonating other users and injecting data into packets.More info at PC Mag.
The vulnerability will be presented at BlackHat Arsenal by AirTight Networks senior wireless security researcher Md Sohail Ahmad.
Complete details of the attack, designated "Hole 196" by Ahmad, aren't yet available, but it may be limited to the WPA2-EAP standard. It may not affect the WPA2-PSK used on smaller, unmanaged access points like home routers.
Security hole found in WPA2 protocol
Posted on Tuesday, July 27 2010 @ 5:35 CEST by Thomas De Maesschalck
Security firm AirTight Networks has discovered a vulnerability in the WPA2 Enterprise standard that allows attackers to spoof packets on the network: