<P> WPA3 introduces a new alternative for configuration of devices that lack sufficient user interface capabilities by allowing nearby devices to serve as an adequate UI for network provisioning purposes, thus mitigating the need for WPS . </P> <P> Several weaknesses have been found in MS - CHAPv 2, some of which severely reduce the complexity of brute - force attacks making them feasible with modern hardware . In 2012 the complexity of breaking MS - CHAPv2 was reduced to that of breaking a single DES key, work by Moxie Marlinspike and Marsh Ray . Moxie advised: "Enterprises who are depending on the mutual authentication properties of MS - CHAPv2 for connection to their WPA2 Radius servers should immediately start migrating to something else ." </P> <P> Tunneled EAP methods using TTLS or PEAP which encrypt the MSCHAPv2 exchange are widely deployed to protect against exploitation of this vulnerability . However, prevalent WPA2 client implementations during the early 2000s were prone to misconfiguration by end users, or in some cases (e.g. Android), lacked any user - accessible way to properly configure validation of AAA server certificate CNs . This extended the relevance of the original weakness in MSCHAPv2 within MiTM attack scenarios . Under stricter WPA2 compliance tests announce alongside WPA3, certified client software will be required to conform to certain behaviors surrounding AAA certificate validation . </P> <P> Hole196 is a vulnerability in the WPA2 protocol that abuses the shared Group Temporal Key (GTK). It can be used to conduct man - in - the - middle and denial - of - service attacks . However, it assumes that the attacker is already authenticated against Access Point and thus in possession of the GTK . </P>

35. how did the wi-fi alliance resolve the issues with wep