WPA3 Dragonblood Vulnerabilities Disclosure
#1
Interesting information and paper

https://wpa3.mathyvanhoef.com/

Hope this is safe from Milzo here
#2
Yes, very good and interesting analysis of some WPA3 flaws. Unfortunately the side-channel attack requires at least unprivileged access to the victim (dragonblood.pdf: 7.2 Attack Scenario). In other words: The attacker must install code on the target device.

Additionally, most of the flaws are already patched:
SAE side-channel attacks
https://w1.fi/security/2019-1/

EAP-pwd side-channel attack
https://w1.fi/security/2019-2/

SAE confirm missing state validation
https://w1.fi/security/2019-3/

EAP-pwd missing commit validation
https://w1.fi/security/2019-4/
#3
(04-17-2019, 08:53 PM)ZerBea Wrote: Additionally, most of the flaws are already patched:

Yes, Jouni Malinen has access to WPA3 specifications through
representing Qualcomm at the Wi-Fi Alliance and this ensures
his wpa_supplicant/hostapd has the most up to date and
patched implementation for WPA3. So whilst everyone else
outside the closed doors of the Wi-Fi Alliance is waiting
to see a copy of the WPA3 spec, this codebase is the best
reference publicly available.
#4
Yes, wpa_supplicant and hostapd are amazing open source tools. I really love them both and they are an integral part of my test environment to improve hcxdumptool.