Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2357
Views
0
Helpful
2
Replies

Security Vulnerabilities Disclosed for SAE Handshake – no update needed for Cisco Wireless products

Jerome Henry
Cisco Employee
Cisco Employee

‎04-10-2019 09:11 AM - edited ‎07-05-2021 10:14 AM

Hi team,

 

On April 10, 2019, a research paper entitled Dragonblood: Analysing WPA3’s Dragonfly Handshakewas made publicly available. This paper describes how the Simultaneous Authentication of Equals (SAE) handshake, defined in IEEE-802.11-2016 and implemented as part of the Wi-Fi Alliance’s Wi-Fi Protected Access 3 (WPA3) security suite, has recently been identified to have multiple vulnerabilities.

 

Cisco Access points are not affected by any of the vulnerabilities described. The Cisco AireOS and IOS-XE releases that support SAE for WPA3-Personal will also include protection mechanisms against these vulnerabilities. WPA3 clients may need to be updated and Cisco recommends finding the latest information from vendors’ websites.

 

Although no Cisco products are affected, Cisco understands that customers are interested in understanding the vulnerabilities in order to assess WPA3 clients’ vulnerabilities. A longer document details the vulnerabilities found and possible exposures:

 

https://community.cisco.com/t5/wireless-mobility-blogs/security-vulnerabilities-disclosed-for-sae-handshake-no-update/ba-p/3836147

 

Please use this forum if you have specific questions around this issue, as it relates to Cisco APs and controllers.

 

Thanks!

 

Jerome

Labels:
0 Helpful
2 Replies 2

amos-pccwg
Level 1
Level 1

‎08-17-2019 06:27 AM

So, apparently there is a new vulnerability that is not fully public yet that affect WPA3.

It’s not the downgrade attack, it’s related to dragonfly implementations.

i don’t have any other details, only that it’s quite new and need more testing and verification.

i read about it in the latest countermeasure security mail.

Is Cisco aware of this new vulnerability?

#Aironet #Meraki WPA3

0 Helpful

patoberli
VIP Alumni
VIP Alumni
In response to amos-pccwg

‎08-19-2019 05:00 AM

Some more information: https://wpa3.mathyvanhoef.com/#new
It looks like we need WPA 3.1.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card