Around this year’s April, there are five vulnerabilities known as Dragonblood that been disclosed by two security researchers. This Dragonblood is a vulnerability that related to WPA3. Recently, the same security researchers have found another two new vulnerability that will make the same impact such as Dragonblood.
The name of those two security researchers is Mathy Vanhoef and Eyal Ronen.
Following are the summary of those two new vulnerabilities that related to Dragonblood:
- CVE-2019-13377 is a vulnerability that will impact WPA3’s dragonfly handshakes when Brainpool curves occur. Those two security researchers have explained about CVE-2019-13377 vulnerability such as below
However, we found that using Brainpool curves introduces a second class of side-channel leaks in the Dragonfly handshake of WPA3,we confirmed the new Brainpool leak in practice against the lastest Hostapd version, and were able to brute-force the password using the leaked information.
- CVE-2019-13456 is a vulnerability that will impact EAP-pwd that been implemented in FreeRadius framework. This will leak the information in EAP-pwd authentication process on FreeRadius device.