Describe three limitations of SSID hiding.

What will be an ideal response?

---

The SSID can be easily discovered even when it is not contained in beacon frames because it is transmitted in other management frames sent by the AP. Attackers with protocol analyzers can still detect the SSID even when SSID hiding is being used.
The SSID is initially transmitted in plaintext (unencrypted) form when the device is negotiating with the AP. If an attacker cannot capture an initial negotiation process, it can force one to occur. An attacker can send a forged disassociation frame to a wireless device. This will cause the device to disassociate from the AP. When the device immediately attempts to reconnect to the AP, the attacker can capturing frames and see the SSID transmitted in plaintext.
SSID hiding may prevent users from being able to freely roam one AP coverage area to
another.
Turning off SSID beaconing is not always possible or convenient. SSID beaconing is the default mode in every AP. Even more so, not all APs allow beaconing to be turned off, and those that do often discourage users from making this change.
Versions of Microsoft Windows XP, when receiving signals from both a wireless network
that is broadcasting an SSID and one that is not broadcasting the SSID, will always connect to the AP that is broadcasting its SSID. If a Windows XP device is connected to an AP that is not broadcasting its SSID, and another AP is turned on that is broadcasting its SSID, the device will automatically disconnect from the first AP and connect to the AP that is broadcasting.
The SSID can be retrieved from an authenticated device.
Because many users do not change the default SSID, an attacker can simply try using default SSIDs until the correct value is accepted.