Two new Dragonblood vulnerabilities discovered in WiFi WPA3 standard

Two new Dragonblood vulnerabilities discovered in WiFi WPA3 standard

  • The first one is a side-channel attack flaw in WPA3’s Dragonfly handshake implementation, while the second is an information disclosure vulnerability in EAP-pwd authentication.
  • WPA3 is the latest among the WPA standards brought out by the Wi-Fi Alliance. The organization introduced WPA3 in 2018.

Security researchers have uncovered a couple more Dragonblood vulnerabilities in WPA3. These new flaws are particular to two implementations, Dragonfly handshake in WPA3, and Extensible Authentication Protocol (EAP).

Back in April 2019, the Wi-Fi security standard was found having five flaws that were collectively termed as ‘Dragonblood’. The flaws were discovered by researchers Mathy Vanhoef and Eyal Ronen.

Key highlights

  • The first flaw, tracked as CVE-2019-13377, is a timing-based side-channel attack flaw in Dragonfly handshake.
  • The second flaw tracked as CVE-2019-13456, is a information leak flaw present in the EAP-pwd implementation of FreeRADIUS, which is meant for authentication in Wi-Fi products.
  • According to Vanhoef and Ronen, the side-channel attack issue was due to another standard called Brainpool curves incorporated in WPA3.
  • The researchers also indicate that timing attacks against EAP-pwd implementations are feasible in practice.
  • Both the flaws have been reported to the Wi-Fi Alliance by the researchers. As of now, the two flaws are yet to be addressed.

Root cause identified

In a blog, the researchers suggest that the introduction of Brainpool curves in WPA3 for resolving Dragonblood vulnerabilities was the reason for these side-channel issues.

“In these recommendations, they (Wi-Fi Alliance) claim that Brainpool curves are safe to use, at least if products securely implement Dragonfly's quadratic residue test (i.e. it must be implemented without side-channel leaks),” explained the researchers.

“However, we found that using Brainpool curves introduces a second class of side-channel leaks in the Dragonfly handshake of WPA3. In other words, even if the advice of the Wi-Fi Alliance is followed, implementations remain at risk of attacks,” wrote the researchers.