WPA3 Multiple Vulnerabilities: "Dragonblood"
Wednesday, 17 April 2019 12:00
Description: Researchers have discovered two types of design flaws in WPA3: the first leads to downgrade attacks and the second to side-channel leaks. These flaws can allow a remote attacker to acquire a weak password, conduct a denial of service, or gain complete authorization. These vulnerabilities have also been referred to as Dragonblood.
CVE Numbers: CVE-2019-9494/CVE-2019-9495/CVE-2019-9496/CVE-2019-9497/CVE-2019-9498/CVE-2019-9499
Impact: A downgrade attack against WPA3-Transition mode can lead to dictionary attacks. A security group downgrade attack, a timing-based side-channel attack, a cache-based side-channel attack, and a resource consumption attack against WPA3's Dragonfly handshake can be used to recover passwords or cause a DoS.
Solution: Upgrade wpa_supplicant and hostapd to version 2.8
Available Mitigations: Mitigations are available for:
CVE-2019-9494: https://w1.fi/security/2019-1/
CVE-2019-9495: https://w1.fi/security/2019-2/
CVE-2019-9496: https://w1.fi/security/2019-3/
CVE-2019-9497: https://w1.fi/security/2019-4/
CVE-2019-9498: https://w1.fi/security/2019-4/
CVE-2019-9499: https://w1.fi/security/2019-4/
Reference:
https://www.kb.cert.org/vuls/id/871675/
https://wpa3.mathyvanhoef.com/
https://papers.mathyvanhoef.com/dragonblood.pdf
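
One way to check a host against the Solution and Impact fields above, as an added example that is not part of the advisory or of the hostap project. It assumes the usual "<name> vX.Y" banner printed by `wpa_supplicant -v` and `hostapd -v`; the function names and the sample banners and configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory). Assumes the usual "<name> vX.Y" banner
# printed by `wpa_supplicant -v` / `hostapd -v`; sample inputs are constructed.

# Extract "2.7" from a banner such as "hostapd v2.7"; any suffix is ignored.
banner_version() {
    printf '%s\n' "$1" | sed -n '1s/^[a-z_]* v\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Succeed if version $1 (major.minor) is older than the fixed release 2.8.
older_than_2_8() {
    major=${1%%.*}; minor=${1#*.}
    [ "$major" -lt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -lt 8 ]; }
}

# Succeed if a hostapd config offers SAE and WPA-PSK in the same BSS
# (WPA3-Transition mode, the setup exposed to the downgrade attack).
is_transition_mode() {
    awk -F= '$1 == "wpa_key_mgmt" {
        sae = psk = 0
        n = split($2, akm, /[ \t]+/)
        for (i = 1; i <= n; i++) {
            if (akm[i] == "SAE") sae = 1
            if (akm[i] == "WPA-PSK" || akm[i] == "WPA-PSK-SHA256") psk = 1
        }
        if (sae && psk) found = 1
    }
    END { exit(found ? 0 : 1) }' "$1"
}

# Print one verdict line for a version banner.
report_banner() {
    ver=$(banner_version "$1")
    if [ -z "$ver" ]; then echo "$1: version not recognised"
    elif older_than_2_8 "$ver"; then echo "$1: older than 2.8, upgrade or apply the w1.fi patches"
    else echo "$1: ok"
    fi
}

# Constructed sample input; on a real host pass "$(hostapd -v 2>&1 | head -n 1)"
# and the path of the live hostapd.conf instead.
sample_conf=$(mktemp)
printf 'ssid=example\nwpa=2\nwpa_key_mgmt=WPA-PSK SAE\nieee80211w=1\n' > "$sample_conf"
report_banner "wpa_supplicant v2.7"
report_banner "hostapd v2.10"
is_transition_mode "$sample_conf" && echo "sample config: WPA3-Transition mode enabled"
rm -f "$sample_conf"
```

A version below 2.8 is not proof of exposure when a distribution has applied the w1.fi patches to an older release, so confirm against the package changelog.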