The Authentication Protocol

Again, the goal is for the base station to verify that a client joining the network really knows the shared secret key k.  Here's how the protocol works:
The base station sends a challenge string to the client
The client sends back the challenge, WEP-encrypted with the shared secret k
The base station checks if the challenge is correctly encrypted, and if so, accepts the client

So the adversary has now just seen both the plaintext and the ciphertext of this challenge!
This is enough not only to inject packets (as in the previous attack), but to execute the authentication protocol himself!