Mathy Vanhoef and Eyal Ronen () A new attack method (CVE-2019-13377) on wireless networks using WPA3 security technology that allows obtaining information about the characteristics of a password that can be used to brute-force it offline. The problem appears in the current version .
Recall that in April the same authors were six vulnerabilities in WPA3 that the Wi-Fi Alliance, which develops standards for wireless networks, amended recommendations for secure implementations of WPA3, which mandated the use of secure elliptic curves , instead of the previously allowed elliptic curves P-521 and P-256.
However, the analysis showed that the use of Brainpool leads to a new class of side-channel leaks in WPA3's connection negotiation algorithm. , protection against guessing passwords in offline mode. The identified issue demonstrates that creating Dragonfly and WPA3 implementations that are free from data leaks through third-party channels is an extremely difficult task, and also shows the failure of the closed-door standards development model without public discussion of the proposed methods and audit by the community.
When using Brainpool's elliptic curve, Dragonfly's password encryption algorithm performs several preliminary iterations with the password associated with quickly calculating a short hash before applying the elliptic curve. Until a short hash is found, the operations performed depend directly on the password and MAC address of the client. The execution time (correlates with the number of iterations) and delays between operations during the execution of preliminary iterations can be measured and used to determine the characteristics of the password, which can be used offline to refine the choice of parts of the password in the brute force process. To carry out an attack, it is necessary to have access to the system of a user connecting to a wireless network.
Additionally, researchers have identified a second vulnerability (CVE-2019-13456) associated with information leakage in the implementation of the protocol , which uses the Dragonfly algorithm. The problem is specific to the FreeRADIUS RADIUS server and, based on information leakage through third-party channels, just like the first vulnerability, it can significantly simplify password guessing.
In combination with an improved method of filtering out noise in the process of measuring delays, 75 measurements for one MAC address are enough to determine the number of iterations. When using the GPU, the cost of resources for the selection of one dictionary password is estimated at $1. Techniques to improve the security of protocols to block identified problems are already included in the draft versions of future Wi-Fi standards () and . Unfortunately, without violating backward compatibility in the current versions of the protocols, it will not be possible to eliminate leaks through third-party channels.
Source: opennet.ru