Open system authentication vulnerabilities:
Authentication is based on a match of SSIDs
Several ways that SSIDs can be discovered covertly:
regular intervals the AP sends a beacon frame.
Beacon frames contain the SSID of the WLAN
Scanning- wireless device covertly looks for those beacon frames
Disable SSID broadcast on the AP where possible