Until now, the WPA security version known as ‘WPA2 (AES encryption) with 802.1x authentication’ was considered as one of most secure WiFi deployments by most wireless security experts. This is due to the resilience of this version to brute force dictionary attacks that can possibly cause intrusion into WPA/WPA2 PSK deployments

Also, the version is free from the TKIP vulnerability that is present on WPA TKIP deployments and can be used to launch potential attacks. However, with the newly discovered “Hole 196” vulnerability, this version now too is exposed to practical security problems.

To learn more about the “Hole 196” vulnerability, you need to wait for the live demo of the same entitled “WPA Too?!”, which is scheduled at BlackHat Arsenal on July 29 and at Defcon 18 on July 31 in Las Vegas. Let’s see how it goes…

That’s why using WPA2 CCMP is not enough, using WPA2 enterprise with openradius authentication via SSL or TLS is the most secure one.