Two security researchers disclosed details today about a group of vulnerabilities collectively referred to as Dragonblood that impact the WiFi Alliance's recently launched WPA3 Wi-Fi security and authentication standard.
If ever exploited, the vulnerabilities would allow an attacker within the range of a victim's network to recover the Wi-Fi password and infiltrate the target's network.
In total, five vulnerabilities are part of the Dragonblood ensemble --a denial of service attack, two downgrade attacks, and two side-channel information leaks.
While the denial of service attack is somewhat unimportant as it only leads to crashing WPA3-compatible access points, the other four are the ones that can be used to recover user passwords.
Both the two downgrade attacks and two side-channel leaks exploit design flaws in the WPA3 standard's
Dragonfly key exchange --the mechanism through which clients authenticate on a WPA3 router or access point.
In a downgrade attack, WiFi WPA3-capable networks can be coerced in using an older and more insecure password exchange systems, which can allow attackers to retrieve the network passwords using older flaws.
In a side-channel information leak attack, WiFi WPA3-capable networks can trick devices into using weaker algorithms that leak small ammounts of information about the network password. With repeated attacks, the full password can eventually be recovered.
