A variation of the packet injection attack is authentication spoofing. In order to understand how this attack works, let's take another look at the shared key authentication process.
The client sends an authentication request to the AP.
The AP sends the client 128 bytes of challenge text.
The client encrypts the challenge text with its WEP key and sends the challenge response back to the AP.
The AP uses its knowledge of the WEP key to validate the challenge response and determine if the client does, in fact, know the shared secret key.
The AP responds to the client with a success or failure message.
The problem here is that if an attacker can observe this negotiation process, she ...