Dragonblood vulnerabilities found in WPA3 WiFi authentication standard
- The Dragonblood vulnerabilities comprise a total of five flaws: a Denial-of-Service (DoS) vulnerability, two downgrade vulnerabilities, and two side-channel information leaks.
- These vulnerabilities, if exploited, could allow attackers to recover WiFi network passwords and gain access to the encrypted network traffic between the connected devices.
What is the issue - Security researchers discovered the Dragonblood vulnerabilities in the WiFi Alliance’s WPA3 WiFi security and authentication standard.
What are Dragonblood vulnerabilities - The Dragonblood vulnerabilities comprise a total of five flaws:
- A Denial-of-Service (DoS) vulnerability
- Two downgrade vulnerabilities
- Two side-channel information leaks
Why it matters - These vulnerabilities, if exploited, could allow attackers to recover WiFi network passwords and gain access to the encrypted network traffic between the connected devices.
The Denial-of-Service (DoS) attack could crash WPA3-compatible access points, while the other four vulnerabilities could be exploited to recover WiFi network passwords.
“We discovered two types of design flaws in WPA3. The first type are downgrade attacks, and the second type are side-channel leaks that reveal information about the password being used. Both of these vulnerabilities can be abused to recover the password used by the Wi-Fi network,” researchers said.
The downgrade attack exploits design flaws in the WPA3 standard’s Dragonfly key exchange. In this attack, WPA3-capable WiFi networks can be coerced into using an older and more insecure password exchange system, which could allow attackers to retrieve the network passwords using the older flaws.
Side-channel information leaks
In a side-channel information leak attack, WPA3-capable WiFi networks can trick devices into using weaker algorithms that could leak small amounts of information about the network password.
- The cache-based side-channel information leak attack exploits the Dragonfly protocol’s ‘hunting and pecking’ algorithm.
- The timing-based side-channel information leak attack exploits WPA3’s ‘multiplicative groups’ feature.
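For administrators checking their own access points against the downgrade and timing side-channel issues described above, the following is an added example, not code from the researchers or the WiFi Alliance. It assumes a hostapd-style configuration file (the option names wpa_key_mgmt and sae_groups are hostapd's; the article names no product), and the finding codes and sample configurations are constructed for illustration.

```python
# Added example, not from the article. Assumes hostapd-style option names
# (wpa_key_mgmt, sae_groups); finding codes and sample configs are constructed.
MODP_GROUPS = {1, 2, 5, 14, 15, 16, 17, 18, 22, 23, 24}  # multiplicative groups
PSK_AKMS = {"WPA-PSK", "WPA-PSK-SHA256", "FT-PSK"}        # older WPA2 exchange
SAE_AKMS = {"SAE", "FT-SAE"}                              # WPA3 Dragonfly (SAE)
TRANSITION_CONF = """\
# constructed sample: WPA2 and WPA3 offered on the same network
ssid=example-net
wpa_key_mgmt=WPA-PSK SAE
sae_groups=19 22 24
"""
WPA3_ONLY_CONF = """\
# constructed sample: WPA3 only, elliptic-curve group 19
ssid=example-net
wpa_key_mgmt=SAE
sae_groups=19
"""


def parse_config(text):
    """Return {key: value} for key=value lines, skipping blanks and # comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings


def audit(text):
    """Return finding codes for one network's configuration."""
    cfg = parse_config(text)
    akms = set(cfg.get("wpa_key_mgmt", "").split())
    findings = []
    if not akms & SAE_AKMS:
        findings.append("NO_SAE")            # WPA3 exchange not offered at all
    elif akms & PSK_AKMS:
        findings.append("TRANSITION_MODE")   # older exchange still accepted
    groups = {int(g) for g in cfg.get("sae_groups", "").split() if g.isdigit()}
    weak = sorted(groups & MODP_GROUPS)
    if weak:
        findings.append("MODP_GROUPS:" + ",".join(map(str, weak)))
    return findings

if __name__ == "__main__":
    for name, conf in (("transition", TRANSITION_CONF), ("wpa3-only", WPA3_ONLY_CONF)):
        print(name, audit(conf) or "no findings")
```

A TRANSITION_MODE finding means the network still accepts the older password exchange, and a MODP_GROUPS finding lists the configured multiplicative groups; an unset sae_groups leaves the choice to the implementation's default, which this check does not evaluate.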
Worth noting - The Dragonblood vulnerabilities also impact EAP-pwd, an Extensible Authentication Protocol (EAP) method.
“These issues can all be mitigated through software updates without any impact on devices’ ability to work well together. There is no evidence that these vulnerabilities have been exploited,” WiFi Alliance said in a security update.