The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
w1.fi hostapd |
||
w1.fi wpa supplicant |
||
fedoraproject fedora 28 |
||
fedoraproject fedora 29 |
||
fedoraproject fedora 30 |
||
opensuse leap 15.1 |
||
opensuse backports sle 15.0 |
||
synology radius server 3.0 |
||
synology router manager |
||
freebsd freebsd 11.2 |
||
freebsd freebsd 12.0 |
Passwords, personal information can be sussed out by attackers during handshakes
Researchers have detailed a set of side-channel and downgrade attacks that potentially allow an attacker to compromise Wi-Fi networks equipped with WPA3 protections. Mathy Vanhoef, of New York University Abu Dhabi, and Eyal Ronen, of Tel Aviv University, have disclosed five different methods for breaking into or disrupting routers using the newest version of the wireless network security standard. The duo have already privately reporting the issue to the Wi-Fi Alliance and Cert/CC to make sure v...