On April 10, 2019, a research paper entitled Dragonblood: Analysing WPA3’s Dragonfly Handshake was made publicly available. This paper describes how the Simultaneous Authentication of Equals (SAE) handshake, defined in IEEE-802.11-2016 and implemented as part of the Wi-Fi Alliance’s Wi-Fi Protected Access 3 (WPA3) security suite, has recently been identified to have multiple vulnerabilities.
Cisco access points are not affected by any of the vulnerabilities described. The Cisco AireOS and IOS-XE releases that support SAE for WPA3-Personal will also include protection mechanisms against these vulnerabilities. WPA3 clients may need to be updated and Cisco recommends finding the latest information from vendors’ websites.
Although no Cisco products are affected, Cisco understands that customers are interested in understanding the vulnerabilities in order to assess WPA3 clients’ vulnerabilities. A longer document details the vulnerabilities found and possible exposures:
Please use this forum if you have specific questions around this issue, as it relates to Cisco APs and controllers.
So, apparently there is a new vulnerability that is not fully public yet that affects WPA3.
It’s not the downgrade attack; it’s related to Dragonfly implementations.
I don’t have any other details, only that it’s quite new and needs more testing and verification.
I read about it in the latest countermeasure security mail.
Is Cisco aware of this new vulnerability?
#Aironet #Meraki WPA3