Bug 1737665 (CVE-2019-13377) - CVE-2019-13377 wpa_supplicant: Timing-based side-channel attack against WPA3's Dragonfly handshake when using Brainpool curves
Summary: CVE-2019-13377 wpa_supplicant: Timing-based side-channel attack against WPA3'...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2019-13377
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1737666 1737667 1737668
Blocks: 1740727
TreeView+ depends on / blocked
 
Reported: 2019-08-06 01:45 UTC by Pedro Sampaio
Modified: 2019-09-29 15:18 UTC (History)
10 users (show)

Fixed In Version: wpa_supplicant 2.9
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-09-11 18:45:33 UTC


Attachments (Terms of Use)

Description Pedro Sampaio 2019-08-06 01:45:39 UTC
Using Brainpool curves in WPA3's Dragonfly handshake introduces a side-channel leak, located in the password encoding algorithm of Dragonfly. This flaw allows an attacker to measure the timing differences and leak important information that can be used to bruteforce the Wi-Fi password.

References:
https://wpa3.mathyvanhoef.com/#new

Comment 1 Pedro Sampaio 2019-08-06 01:46:03 UTC
Created hostapd tracking bugs for this issue:

Affects: epel-all [bug 1737668]
Affects: fedora-all [bug 1737667]


Created wpa_supplicant tracking bugs for this issue:

Affects: fedora-all [bug 1737666]

Comment 3 Riccardo Schirone 2019-09-11 15:22:10 UTC
External References:

https://w1.fi/security/2019-6/sae-eap-pwd-side-channel-attack-update.txt

Comment 4 Riccardo Schirone 2019-09-11 15:37:36 UTC
Setting Attack Complexity (AC) to High because an attacker needs the password to be weak for the dictionary attack to succeed, which is not under the attacker control.

Comment 5 Riccardo Schirone 2019-09-11 16:13:18 UTC
Statement:

This issue did not affect the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 5 and 6 as they did not include support for SAE (Simultaneous Authentication of Equals) nor for EAP-pwd.

This issue did not affect the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 7 and 8 as they are not compiled with SAE (Simultaneous Authentication of Equals) nor with EAP-pwd enabled. In particular, the CONFIG_SAE=y and CONFIG_EAP_PWD=y options are not set at compile time.

Comment 6 Product Security DevOps Team 2019-09-11 18:45:33 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-13377


Note You need to log in before you can comment on or make changes to this bug.