WiFi Security Types
Open
- Authentication: None
- Cipher: None
Vulnerabilities
- Passive Sniffing
- MITM/evil-twin
- Captive Portal Trust
- MAC Spoofing
WEP
- Authentication: Shared key
- Cipher: RC4
Vulnerabilities
- IV reuse
- Replay/injection
- Cracking (trivial)
WPA
- Authentication: PSK
- Cipher: TKIP/RC4
Vulnerabilities
- TKIP cipher weaknesses (RC4-based)
- Cracking (passphrase complexity dependent)
- WPS exposure
WPA2-Personal
- Authentication: PSK (4-way handshake)
- Cipher: CCMP/AES (avoid TKIP/mixed modes)
Vulnerabilities
- Offline brute force of a captured 4-way handshake or PMKID when the PSK is weak
- WPS PIN brute-force/"Pixie Dust" if WPS is enabled
- Deauth/disassoc spoofing when PMF is disabled
- KRACK/key-reinstallation on unpatched clients/APs
WPA2-Enterprise
- Authentication: 802.1X/EAP (e.g., PEAP-MSCHAPv2, EAP-TTLS, prefer EAP-TLS)
- Cipher: CCMP/AES
Vulnerabilities
- Evil twin when clients do not validate the server certificate
- Offline brute force of user passwords from captured PEAP-MSCHAPv2 challenge/response
- User enumeration via a non-anonymous outer identity
- Deauth/disassoc spoofing when PMF is disabled
- KRACK/key-reinstallation on unpatched clients/APs
- Weak/expired RADIUS certificates or poor PKI practices
- Misconfigured roaming features (802.11r/k/v) enabling downgrade or steering abuse
WPA3-Personal (SAE)
- Authentication: SAE (Dragonfly PAKE)
- Cipher: CCMP-128/GCMP-128
Vulnerabilities
- WPA2/WPA3 transition mode downgrade unless Transition Disable is enforced
- Early Dragonblood-class side channels in unpatched stacks
- Weak passphrases still allow online or side-channel guessing (offline dictionary attacks are resisted)
- PMF policy gaps on legacy bands can re-enable deauth/disassoc vectors
WPA3-Enterprise (128-bit)
- Authentication: 802.1X/EAP (typically EAP-TLS)
- Cipher: CCMP-128/GCMP-128
Vulnerabilities
- Same EAP/certificate pitfalls as WPA2-Enterprise (no server-cert validation, weak inner methods)
- Downgrade risk if WPA2 is permitted in mixed deployments; prefer WPA3-only where feasible
- Operational misconfigurations: PMF enforcement gaps, certificate lifecycle/validation errors
- Client compatibility gaps leading to fallback SSIDs with weaker settings
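The list above maps almost one-to-one onto AP and client configuration settings, so a practical check is a small audit script. The following is an added example (not part of the original notes) that parses hostapd-style and wpa_supplicant-style key=value configs and tags the weaknesses listed above: WEP/open, WPA1/TKIP, WPS enabled, PMF not required, short PSK, WPA2/WPA3 transition mode without transition_disable, and on the client side missing CA/domain validation, non-anonymous outer identity and an MSCHAPv2 inner method. The config keys used (wpa, wpa_key_mgmt, rsn_pairwise, wps_state, ieee80211w, transition_disable, ca_cert, domain_match, anonymous_identity, phase2) are real hostapd/wpa_supplicant keys; the sample configs and the 20-character passphrase threshold are constructed assumptions for the demo.

```python
"""Audit WLAN configs against the weaknesses listed above (added example)."""


def parse_kv(text):
    """Parse key=value lines; strips quotes, ignores comments and '{'/'}' lines."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")  # split at the first '=' only
        cfg[key.strip()] = value.strip().strip('"')
    return cfg


def audit_ap(cfg):
    """Return weakness tags for a hostapd-style AP config."""
    if any(k.startswith("wep_key") for k in cfg):
        return ["WEP"]                      # RC4, IV reuse, trivially cracked
    wpa = int(cfg.get("wpa", "0"))
    if wpa == 0:
        return ["OPEN"]                     # no auth, no cipher: sniffing, evil twin
    tags = []
    key_mgmt = set(cfg.get("wpa_key_mgmt", "WPA-PSK").split())
    ciphers = set(cfg.get("wpa_pairwise", "").split()) | set(cfg.get("rsn_pairwise", "").split())
    if wpa & 1:
        tags.append("WPA1")                 # WPA (TKIP/RC4) still offered
    if "TKIP" in ciphers:
        tags.append("TKIP")                 # TKIP or mixed TKIP/CCMP mode
    if cfg.get("wps_state", "0") != "0":
        tags.append("WPS")                  # WPS PIN brute force / Pixie Dust exposure
    if cfg.get("ieee80211w", "0") != "2":
        tags.append("PMF")                  # PMF not required: deauth/disassoc spoofing
    if "WPA-PSK" in key_mgmt and "wpa_psk" not in cfg and len(cfg.get("wpa_passphrase", "")) < 20:
        tags.append("WEAK-PSK")             # offline handshake/PMKID cracking (threshold is an assumption)
    if {"WPA-PSK", "SAE"} <= key_mgmt and int(cfg.get("transition_disable", "0"), 0) == 0:
        tags.append("TRANSITION")           # WPA2/WPA3 mixed mode without Transition Disable
    return tags


def audit_client(cfg):
    """Return weakness tags for a wpa_supplicant 802.1X network block."""
    if "WPA-EAP" not in cfg.get("key_mgmt", ""):
        return []
    tags = []
    if "ca_cert" not in cfg:
        tags.append("NO-CA-CERT")           # evil twin: any RADIUS server certificate accepted
    elif not any(k in cfg for k in ("domain_match", "domain_suffix_match")):
        tags.append("NO-DOMAIN-MATCH")      # any cert issued by that CA is accepted
    if "anonymous_identity" not in cfg:
        tags.append("OUTER-IDENTITY")       # real username in cleartext outer identity
    if "MSCHAPV2" in cfg.get("phase2", "").upper():
        tags.append("MSCHAPV2-INNER")       # challenge/response capturable if server is spoofed
    return tags


# Constructed sample configs (not from any real deployment).
WEAK_AP = """
interface=wlan0
ssid=guest-net
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
rsn_pairwise=TKIP CCMP
wpa_passphrase=summer2019
wps_state=2
ieee80211w=0
"""

TRANSITION_AP = """
interface=wlan0
ssid=guest-net
wpa=2
wpa_key_mgmt=WPA-PSK SAE
rsn_pairwise=CCMP
wpa_passphrase=correct-horse-battery-staple-2024
ieee80211w=1
"""

HARDENED_AP = """
interface=wlan0
ssid=guest-net
wpa=2
wpa_key_mgmt=SAE
rsn_pairwise=CCMP
sae_password=correct-horse-battery-staple-2024
ieee80211w=2
wps_state=0
"""

WEAK_CLIENT = """
network={
    ssid="corp"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="jdoe"
    password="hunter2"
    phase2="auth=MSCHAPV2"
}
"""

HARDENED_CLIENT = """
network={
    ssid="corp"
    key_mgmt=WPA-EAP
    eap=TLS
    identity="jdoe@corp.example"
    anonymous_identity="anonymous@corp.example"
    ca_cert="/etc/ssl/certs/corp-radius-ca.pem"
    domain_match="radius.corp.example"
    client_cert="/etc/wpa/jdoe.crt"
    private_key="/etc/wpa/jdoe.key"
}
"""

if __name__ == "__main__":
    for name, text in [("weak AP", WEAK_AP), ("transition AP", TRANSITION_AP), ("hardened AP", HARDENED_AP)]:
        print(name, audit_ap(parse_kv(text)))
    for name, text in [("weak client", WEAK_CLIENT), ("hardened client", HARDENED_CLIENT)]:
        print(name, audit_client(parse_kv(text)))
```

The transition-mode sample is the interesting middle case: CCMP and a long passphrase look fine, but offering WPA-PSK alongside SAE without transition_disable keeps the WPA2 downgrade path open, and PMF set to optional (ieee80211w=1) leaves the deauth vector for clients that negotiate it off.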