Do you have any concerns on multiple vulnerabilities in WPA3 Protocol? (Arp 2019)

Preface: WPA3 protocol aim to enhance Wi-Fi security protection. Yes, it does. But something wrong with him this time.

Technology Synopsis: The very damaging DoS attack consists of clogging one peer with bogus requests with forged source IP addresses. Due to computationally intensive nature of modular exponentiation, the DH key exchange is highly vulnerable to clogging (DoS) attack.The SAE handshake of WPA3 also uses a cookie exchange procedure to mitigate clogging attacks.

Vulnerability highlights:

  1. The SAE handshake of WPA3 uses a cookie exchange procedure to mitigate clogging attacks.
    But the design of the cookie exchange mechanism has technical limitation. Since everyone will receive the (supposedly secret) cookies.
  2. An attacker with a rogue access point can force the client connecting to it to use WPA2’s 4-way handshake and, consequently, to get enough information to launch an offline dictionary attack.

Should you have interest, please refer to the following url: https://www.kb.cert.org/vuls/id/871675/

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.