Multiple vulnerabilities have been identified in WPA3 protocol design and implementations of hostapd and wpa_supplicant, which can allow a remote attacker to acquire a weak password, conduct a denial of service, or gain complete authorization. These vulnerabilities have also been referred to as Dragonblood.
CERT continues to review the WPA3 protocol in support of this body of research. The root cause of the numerous "implementation" vulnerabilities may involve modifying the protocol.
WPA3 uses Simultaneous Authentication of Equals (SAE), also known as Dragonfly Key Exchange, as the initial key exchange protocol, replacing WPA2's Pre-Shared Key (PSK) protocol. hostapd is a daemon for access point and authentication servers used by WPA3 authentication. wpa_supplicant is a wireless supplicant that implements key negotiation with the WPA Authenticator and supports WPA3. Both of these components, as implemented with Extensible Authentication Protocol Password (EAP-PWD) and SAE, are vulnerable as follows:
CVE-2019-9494: SAE cache attack against ECC groups (SAE side-channel attacks) - CWE-208 and CWE-524
Upgrade wpa_supplicant and hostapd to version 2.8, when available. Additional mitigation options are listed below.
Check your vendor for mitigation information.
Thanks to Mathy Vanhoef(NYUAD)and Eyal Ronen(Tel Aviv University&KU Leuven)for reporting this vulnerability; Jouni Malinen for patches,and Kevin Robinson for support from Wi-Fi Alliance.