cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
1405
Views
0
Helpful
0
Replies
Highlighted
Cisco Employee

Security Vulnerabilities Disclosed for SAE Handshake – no update needed for Cisco Wireless products

Hi team,

 

On April 10, 2019, a research paper entitled Dragonblood: Analysing WPA3’s Dragonfly Handshakewas made publicly available. This paper describes how the Simultaneous Authentication of Equals (SAE) handshake, defined in IEEE-802.11-2016 and implemented as part of the Wi-Fi Alliance’s Wi-Fi Protected Access 3 (WPA3) security suite, has recently been identified to have multiple vulnerabilities.

 

Cisco Access points are not affected by any of the vulnerabilities described. The Cisco AireOS and IOS-XE releases that support SAE for WPA3-Personal will also include protection mechanisms against these vulnerabilities. WPA3 clients may need to be updated and Cisco recommends finding the latest information from vendors’ websites.

 

Although no Cisco products are affected, Cisco understands that customers are interested in understanding the vulnerabilities in order to assess WPA3 clients’ vulnerabilities. A longer document details the vulnerabilities found and possible exposures:

 

https://community.cisco.com/t5/wireless-mobility-blogs/security-vulnerabilities-disclosed-for-sae-handshake-no-update/ba-p/3836147

 

Please use this forum if you have specific questions around this issue, as it relates to Cisco APs and controllers.

 

Thanks!

 

Jerome

CreatePlease to create content