Authenticated users can sniff WPA traffic?

["/dev/null" <exceed () email si>]

Hi list,

recently I came across this link:
http://seclists.org/pen-test/2005/Nov/0073.html

Basicaly, it states that authenticated users, in combination with ARP 
poisoning, can sniff WPA traffic. Can anybody confirm this is possible? If 
that's true, is there any way to prevent this?

I would really appreciate any info/link/paper regarding topic.

Thank you very much and happy new year...

/ex.

____________________
http://www.email.si/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/