d33tah / call-for-wpa3

Call for WPA3 - what's wrong with WPA2 security and how to fix it

Hole196 #13

Closed ryao closed 6 years ago

ryao commented 6 years ago

Is it too late to point out that there seems to be no discussion of how WPA3 will close Hole196? It is a problem for WPA2 Enterprise APs that circumvents VLAN isolation. Those of us who use WPA2 Enterprise in our homes would appreciate a fix for Hole196.

ryao commented 6 years ago

After doing some digging, it appears that dynamic VLANs cause a different GTK to be set per (SSID,VLAN) tuple. This is only an issue when the clients are not allowed to communicate with one another on the same (SSID,VLAN) tuple. It would still be nice to close completely, but not as bad as I initially thought.
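An added example, not part of the thread or the repository: a small audit that takes the (SSID,VLAN) GTK scoping described in the last comment and lists the groups where clients share a GTK even though they are meant to be isolated from one another. The station inventory, the SSID names and the `ISOLATED_SSIDS` policy set are constructed assumptions.

```python
from collections import defaultdict

# Constructed inventory: (station MAC, SSID, dynamic VLAN id). Not real data.
STATIONS = [
    ("02:00:00:00:00:01", "corp", 10),
    ("02:00:00:00:00:02", "corp", 10),
    ("02:00:00:00:00:03", "corp", 20),
    ("02:00:00:00:00:04", "guest", 30),
    ("02:00:00:00:00:05", "guest", 30),
    ("02:00:00:00:00:06", "lab", 40),
]

# Assumption: SSIDs whose clients are not allowed to talk to each other.
ISOLATED_SSIDS = {"guest", "lab"}


def gtk_domains(stations):
    """Group stations by (SSID, VLAN); per the thread, each tuple has its own GTK."""
    domains = defaultdict(list)
    for mac, ssid, vlan in stations:
        domains[(ssid, vlan)].append(mac)
    return dict(domains)


def shares_gtk(stations, mac_a, mac_b):
    """True when both stations sit in the same (SSID, VLAN) tuple."""
    return any(mac_a in macs and mac_b in macs
               for macs in gtk_domains(stations).values())


def hole196_exposure(stations, isolated_ssids):
    """GTK domains where isolation is expected but more than one client holds the key."""
    return {
        key: sorted(macs)
        for key, macs in gtk_domains(stations).items()
        if key[0] in isolated_ssids and len(macs) > 1
    }


if __name__ == "__main__":
    for (ssid, vlan), macs in hole196_exposure(STATIONS, ISOLATED_SSIDS).items():
        print(f"{ssid}/VLAN {vlan}: {len(macs)} clients share one GTK: {macs}")
```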