Using Brainpool curves in WPA3's Dragonfly handshake introduces a side-channel leak, located in the password encoding algorithm of Dragonfly. This flaw allows an attacker to measure the timing differences and leak important information that can be used to brute-force the Wi-Fi password.
Created hostapd tracking bugs for this issue:
Affects: epel-all [bug 1737668]
Affects: fedora-all [bug 1737667]
Created wpa_supplicant tracking bugs for this issue:
Affects: fedora-all [bug 1737666]
Setting Attack Complexity (AC) to High because an attacker needs the password to be weak for the dictionary attack to succeed, which is not under the attacker's control.
This issue did not affect the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 5 and 6 as they did not include support for SAE (Simultaneous Authentication of Equals) nor for EAP-pwd.
This issue did not affect the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 7 and 8 as they are not compiled with SAE (Simultaneous Authentication of Equals) nor with EAP-pwd enabled. In particular, the CONFIG_SAE=y and CONFIG_EAP_PWD=y options are not set at compile time.
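For builds made from source, the same check can be run against the build configuration file. The script below is an added example, not part of the original statement or of the wpa_supplicant/hostapd projects. It assumes the usual `.config` convention of `OPTION=y` lines with `#` comments; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether a wpa_supplicant/hostapd build configuration
# enables the two Dragonfly-based features named in the statement above.

# option_enabled FILE OPTION
# Succeeds only if "OPTION=y" appears on an uncommented line.
# "#CONFIG_SAE=y" is a comment and does not count; "CONFIG_SAE_PK=y" is a
# different option and does not count either.
option_enabled() {
    grep -Eq "^[[:space:]]*$2=y[[:space:]]*$" "$1"
}

# dragonfly_features FILE
# Prints the enabled options separated by spaces, or "none".
dragonfly_features() {
    found=""
    for opt in CONFIG_SAE CONFIG_EAP_PWD; do
        if option_enabled "$1" "$opt"; then
            found="${found:+$found }$opt"
        fi
    done
    echo "${found:-none}"
}

# Constructed sample configuration (not taken from any shipped package).
sample=$(mktemp)
cat > "$sample" <<'EOF'
CONFIG_DRIVER_NL80211=y
#CONFIG_SAE=y
CONFIG_EAP_PWD=y
EOF
echo "Dragonfly-related options enabled: $(dragonfly_features "$sample")"
rm -f "$sample"
```

A result of `none` corresponds to the Red Hat Enterprise Linux 7 and 8 case described above, where neither option is set at compile time.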
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):