Vulnerability identifier: #VU20415
Vulnerability risk: Low
CVSSv3.1: 4.9 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C]
CVE-ID:
CWE-ID: CWE-200
Exploitation vector: Local network
Exploit availability: No
Vulnerable software:
wpa_supplicant (Server applications / Encryption software)
hostapd (Server applications / Remote access servers, VPN)
Vendor: Jouni Malinen
Description
The vulnerability allows a remote attacker to conduct time-based side-channel attacks on a targeted system.
The vulnerability exists due to insufficient security restrictions during WPA3's Dragonfly handshake process when using Brainpool curves. A remote attacker in radio range of the access point can observe timing differences and cache access patterns, conduct a side-channel attack and access sensitive information that could be used for full password recovery.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions
wpa_supplicant: 2.0.0 - 2.8.0
hostapd: 2.0 - 2.8
External links
http://w1.fi/cgit/hostap/commit/?id=147bf7b88a9c231322b5b574263071ca6dbb0503
http://w1.fi/cgit/hostap/commit/?id=cd803299ca485eb857e37c88f973fccfbb8600e5
http://w1.fi/security/2019-6/sae-eap-pwd-side-channel-attack-update.txt
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.