Using Brainpool curves in WPA3's Dragonfly handshake introduces a side-channel leak, located in the password encoding algorithm of Dragonfly. This flaw allows an attacker to measure the timing differences and leak important information that can be used to bruteforce the Wi-Fi password. References: https://wpa3.mathyvanhoef.com/#new
Created hostapd tracking bugs for this issue: Affects: epel-all [bug 1737668] Affects: fedora-all [bug 1737667] Created wpa_supplicant tracking bugs for this issue: Affects: fedora-all [bug 1737666]
Upstream references: https://w1.fi/security/2019-6/ https://w1.fi/security/2019-6/sae-eap-pwd-side-channel-attack-update.txt Upstream patches: https://w1.fi/cgit/hostap/commit/?id=8e14b030e558d23f65d761895c07089404e61cf1 https://w1.fi/cgit/hostap/commit/?id=7958223fdcfe82479e6ed71019a84f6d4cbf799c https://w1.fi/cgit/hostap/commit/?id=1e237903f5b5d3117342daf006c5878cdb45e3d3 https://w1.fi/cgit/hostap/commit/?id=147bf7b88a9c231322b5b574263071ca6dbb0503 https://w1.fi/cgit/hostap/commit/?id=cd803299ca485eb857e37c88f973fccfbb8600e5 https://w1.fi/cgit/hostap/commit/?id=876c5eaa6dae1a87a17603fc489a44c29eedc2e3
External References: https://w1.fi/security/2019-6/sae-eap-pwd-side-channel-attack-update.txt
Setting Attack Complexity (AC) to High because an attacker needs the password to be weak for the dictionary attack to succeed, which is not under the attacker control.
Statement: This issue did not affect the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 5 and 6 as they did not include support for SAE (Simultaneous Authentication of Equals) nor for EAP-pwd. This issue did not affect the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 7 and 8 as they are not compiled with SAE (Simultaneous Authentication of Equals) nor with EAP-pwd enabled. In particular, the CONFIG_SAE=y and CONFIG_EAP_PWD=y options are not set at compile time.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-13377