I am using an Atheros chip with madwifi driver version 0.9.3.1. The steps which I am using to reproduce the bug are as follows:
Initially the access point is using the key: 012345678
So to enable the wireless on the client end, I am using the following set of commands:
insmod /lib/drivers/wlan.ko
insmod /lib/drivers/wlan_wep.ko
insmod /lib/drivers/wlan_scan_sta.ko
insmod /lib/drivers/ath_hal.ko
insmod /lib/drivers/ath_rate_sample.ko
insmod /lib/drivers/ath_pci.ko
iwconfig ath0 mode managed essid ankit008 key 0123456789 key open
ifconfig ath0 192.168.204.52
ifconfig ath0 up
After this I am able to send traffic to the access point and everything works fine.
Now the key on the access point is changed to 1111111111, so I execute the following set of commands on the client:
ifconfig ath0 down
iwconfig ath0 mode managed essid ankit008 key 1111111111 key open
ifconfig ath0 up
After this I am not able to send traffic to the access point. When I take a tcpdump on the access point, I see a few sap(?) packets coming from the client end, although when I used iwconfig at the client end I was able to see the changed key settings.