DragonBlood Vulnerability

Around April of this year, two security researchers disclosed five vulnerabilities known as Dragonblood. Dragonblood is a set of vulnerabilities related to WPA3. Recently, the same security researchers found two new vulnerabilities that have the same impact as Dragonblood.

Source: Dragonblood Wi-Fi Attack (YouTube)

The two security researchers are Mathy Vanhoef and Eyal Ronen.

The following is a summary of the two new vulnerabilities related to Dragonblood:

  • CVE-2019-13377 is a vulnerability that impacts WPA3's Dragonfly handshake when Brainpool curves are used. The two security researchers explained CVE-2019-13377 as follows:

However, we found that using Brainpool curves introduces a second class of side-channel leaks in the Dragonfly handshake of WPA3. We confirmed the new Brainpool leak in practice against the latest Hostapd version, and were able to brute-force the password using the leaked information.

  • CVE-2019-13456 is a vulnerability that impacts EAP-pwd as implemented in the FreeRADIUS framework. It leaks information during the EAP-pwd authentication process on a FreeRADIUS device.
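For the first item above, a defender's check (an added example, not code from the researchers or the hostapd project): it scans hostapd.conf text for `sae_groups` entries that enable Brainpool curves, the condition under which CVE-2019-13377 applies. It assumes `sae_groups` lists IANA group numbers, where 27 to 30 are the Brainpool curves; the sample configuration is constructed.

```python
# Added example: audit hostapd.conf text for SAE groups that are Brainpool curves.
# IANA group numbers 27-30 are the Brainpool curves defined in RFC 6954.
BRAINPOOL_GROUPS = {
    27: "brainpoolP224r1",
    28: "brainpoolP256r1",
    29: "brainpoolP384r1",
    30: "brainpoolP512r1",
}

def find_brainpool_sae_groups(conf_text):
    """Return a list of (bss_name, line_no, group_id, curve_name) findings.

    hostapd.conf is line-based key=value; 'interface=' and 'bss=' start a
    new BSS, and the settings that follow apply to that BSS.
    """
    findings = []
    current_bss = "(global)"
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        # Skip blank lines, comment lines and anything that is not key=value.
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key in ("interface", "bss"):
            current_bss = value
        elif key == "sae_groups":
            for token in value.split():
                if token.isdigit() and int(token) in BRAINPOOL_GROUPS:
                    group = int(token)
                    findings.append((current_bss, line_no, group, BRAINPOOL_GROUPS[group]))
    return findings

# Constructed sample configuration (not taken from a real deployment).
SAMPLE_CONF = """\
interface=wlan0
ssid=corp-wpa3
wpa_key_mgmt=SAE
# sae_groups=28 29   (commented out, must be ignored)
sae_groups=19 20 28
bss=wlan0_guest
ssid=guest-wpa3
wpa_key_mgmt=SAE
sae_groups=30 19
"""

if __name__ == "__main__":
    for bss, line_no, group, curve in find_brainpool_sae_groups(SAMPLE_CONF):
        print(f"{bss}: line {line_no}: sae_groups enables group {group} ({curve})")
```

A configuration with no explicit `sae_groups` line produces no findings here, so the hostapd build's default group list still needs to be checked separately.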

Source: New Dragonblood vulnerabilities found in WiFi WPA3 standard

Author: Wan Ariff

He brings with him more than 2 years of working experience in the Information Security field, specializing in Penetration Testing and Digital Forensics. His passion is IT Security.
