Earlier this year, two security researchers discovered several severe WPA3 bugs, dubbed DragonBlood. These vulnerabilities would have allowed hackers within range of a victim to recover WiFi passwords and infiltrate their network. Now, these same researchers have uncovered two new flaws impacting the same standard.
In a post, researchers Mathy Vanhoef and Eyal Ronen disclose their findings.
Just like the original DragonBlood vulnerabilities found in April, these new bugs (CVE-2019-13377 and CVE-2019-13456) allow hackers to steal your password even if you are using the latest WiFi protocol.
The first bug, CVE-2019-13377, is a timing-based side-channel attack that impacts WPA3’s handshake when using Brainpool curves.
“We found that using Brainpool curves introduces the second class of side-channel leaks in the Dragonfly handshake of WPA3,” the researchers said.
Additionally, even though the WiFi Alliance recommends that vendors use Brainpool as an additional layer of security, the duo says, “even if the advice of the WiFi Alliance is followed, implementations remain at risk of attacks.”
“The new side-channel leak is located in the password encoding algorithm of Dragonfly. We confirmed the new Brainpool leak in practice against the latest Hostapd version and were able to brute-force the password using the leaked information.”
The second vulnerability, CVE-2019-13456, is an information-leak bug in the EAP-pwd (Extensible Authentication Protocol-Password) authentication process on some FreeRADIUS-supported devices; it allows attackers to recover passwords.
After reporting the bugs to the WiFi Alliance, the researchers said:
“[The] Wi-Fi standard is now being updated with proper defenses, which might lead to WPA3.1. Although this update is not backwards-compatible with current deployments of WPA3, it does prevent most of our attacks.”