hashcat Forum
WPA3 Dragonblood Vulnerabilities Disclosure - Printable Version


WPA3 Dragonblood Vulnerabilities Disclosure - MrMiller - 04-17-2019

Interesting information and paper

https://wpa3.mathyvanhoef.com/

Hope this is safe from Milzo here


RE: WPA3 Dragonblood Vulnerabilities Disclosure - ZerBea - 04-17-2019

Yes, very good and interesting analysis of some WPA3 flaws. Unfortunately the side channel attack requires at least unprivileged access to the victim (dragonblood.pdf: 7.2 Attack Scenario). In other words: The attacker must install code on the target device.

Additionally, most of the flaws are already patched:
SAE side-channel attacks
https://w1.fi/security/2019-1/

EAP-pwd side-channel attack
https://w1.fi/security/2019-2/

SAE confirm missing state validation
https://w1.fi/security/2019-3/

EAP-pwd missing commit validation
https://w1.fi/security/2019-4/


RE: WPA3 Dragonblood Vulnerabilities Disclosure - MrMiller - 04-19-2019

(04-17-2019, 08:53 PM)ZerBea Wrote: Additionally, most of the flaws are already patched:

Yes, Jouni Malinen has access to WPA3 specifications through
representing Qualcomm at the Wi-Fi Alliance and this ensures
his wpa_supplicant/hostapd has the most up to date and
patched implementation for WPA3. So whilst everyone else
outside the closed doors of the Wi-Fi Alliance is waiting
to see a copy of the WPA3 spec, this codebase is the best
reference publicly available.


RE: WPA3 Dragonblood Vulnerabilities Disclosure - ZerBea - 04-20-2019

Yes, wpa_supplicant and hostapd are amazing open source tools. I really love them both and they are an integral part of my test environment to improve hcxdumptool.