cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
1538
Views
0
Helpful
2
Replies
Highlighted
Cisco Employee

Security Vulnerabilities Disclosed for SAE Handshake – no update needed for Cisco Wireless products

Hi team,

 

On April 10, 2019, a research paper entitled Dragonblood: Analysing WPA3’s Dragonfly Handshakewas made publicly available. This paper describes how the Simultaneous Authentication of Equals (SAE) handshake, defined in IEEE-802.11-2016 and implemented as part of the Wi-Fi Alliance’s Wi-Fi Protected Access 3 (WPA3) security suite, has recently been identified to have multiple vulnerabilities.

 

Cisco Access points are not affected by any of the vulnerabilities described. The Cisco AireOS and IOS-XE releases that support SAE for WPA3-Personal will also include protection mechanisms against these vulnerabilities. WPA3 clients may need to be updated and Cisco recommends finding the latest information from vendors’ websites.

 

Although no Cisco products are affected, Cisco understands that customers are interested in understanding the vulnerabilities in order to assess WPA3 clients’ vulnerabilities. A longer document details the vulnerabilities found and possible exposures:

 

https://community.cisco.com/t5/wireless-mobility-blogs/security-vulnerabilities-disclosed-for-sae-handshake-no-update/ba-p/3836147

 

Please use this forum if you have specific questions around this issue, as it relates to Cisco APs and controllers.

 

Thanks!

 

Jerome

2 REPLIES 2
Beginner

Re: Security Vulnerabilities Disclosed for SAE Handshake – no update needed for Cisco Wireless products

So, apparently there is a new vulnerability that is not fully public yet that affect WPA3.

It’s not the downgrade attack, it’s related to dragonfly implementations.

i don’t have any other details, only that it’s quite new and need more testing and verification.

i read about it in the latest countermeasure security mail.

Is Cisco aware of this new vulnerability?

#Aironet #Meraki WPA3

VIP Engager

Re: Security Vulnerabilities Disclosed for SAE Handshake – no update needed for Cisco Wireless products

Some more information: https://wpa3.mathyvanhoef.com/#new
It looks like we need WPA 3.1.
CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards