Researchers Mathy Vanhoef and Eyal Ronen found these two new vulnerabilities in the security recommendations the WiFi Alliance created for equipment vendors in order to mitigate the initial Dragonblood attacks. A few months back, last April, researchers disclosed serious vulnerabilities in the WPA3 protocol, named Dragonblood, that enable attackers to steal WiFi passwords.
Vulnerability 1 (CVE-2019-13377)
It impacts the WPA3’s Dragonfly handshake when using Brainpool curves.
Dragonfly is the key exchange mechanism through which users authenticate on a WPA3 router or access point. In April, Vanhoef and Ronen found that Dragonfly key exchanges that relied on P-521 elliptic curves could be downgraded to use the weaker P-256. As a result, the WiFi Alliance recommended that vendors use the stronger Brainpool curves as part of the Dragonfly algorithms.
“However, we found that using Brainpool curves introduces a second class of side-channel leaks in the Dragonfly handshake of WPA3. We confirmed the new Brainpool leak in practice against the latest Hostapd version, and were able to brute-force the password using the leaked information.”
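As an added defensive illustration, not taken from the article or from the researchers' work, the hostapd configuration fragment below pins WPA3-SAE (Dragonfly) to a single finite cyclic group. Offering several groups is what makes a downgrade between them possible, and leaving the Brainpool groups out of the list means the handshake never uses the curves the article reports as leaking. The interface name, SSID and passphrase are placeholders; the only assumption about hostapd is that the group list should be set explicitly rather than relying on whatever default a given build ships with.

```ini
# Added example: hostapd.conf fragment for WPA3-Personal (SAE) with one fixed group.
# interface, ssid and sae_password are placeholders, not values from the article.
interface=wlan0
ssid=example-wpa3
hw_mode=a
channel=36

wpa=2
wpa_key_mgmt=SAE
rsn_pairwise=CCMP
sae_password=CHANGE-ME-placeholder-passphrase

# WPA3-Personal requires protected management frames.
ieee80211w=2
sae_require_mfp=1

# Enable exactly one SAE group. Group 19 (NIST P-256) is the one every WPA3
# client must support; with a single group there is nothing to downgrade to,
# and the Brainpool groups (28, 29, 30) are never offered.
# Assumption: do not rely on the build's default group list; set it explicitly.
sae_groups=19
```

After changing the group list, confirm on a live AP that clients still associate, since a client that only implements a group you removed will fail the handshake rather than fall back.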
Vulnerability 2 (CVE-2019-13456)
According to a ZDNet post, EAP-pwd (Extensible Authentication Protocol) is an authentication system supported in the previous WPA and WPA2 WiFi authentication standards, and also supported for legacy purposes in WPA3. There is an information leak in the EAP-pwd authentication process on some FreeRADIUS-supported devices, which allows attackers to recover passwords.