Skip to main content

Dragon Blood-Dragon Fly WPA3 Vulnurability-Explained | Network Security | Ethical Hacking


Currently, all modern Wi-Fi networks use WPA2 to protect transmitted data. However, because WPA2 is more than 14 years old, the Wi-Fi Alliance recently announced the new and more secure WPA3 protocol. One of the main advantages of WPA3 is that, thanks to its underlying Dragonfly handshake, it's near impossible to crack the password of a network. Unfortunately, we found that even with WPA3, an attacker within range of a victim can still recover the password of the network. This allows the adversary to steal sensitive information such as credit cards, password, emails, and so on, when the victim uses no extra layer of protection such as HTTPS. Fortunately, we expect that our work and coordination with the Wi-Fi Alliance will allow vendors to mitigate our attacks before WPA3 becomes widespread.
The Dragonfly handshake, which forms the core of WPA3, is also used on certain Wi-Fi networks that require a username and password for access control. That is, Dragonfly is also used in the EAP-pwd protocol. Unfortunately, our attacks against WPA3 also work against EAP-pwd, meaning an adversary can even recover a user's password when EAP-pwd is used. We also discovered serious bugs in most products that implement EAP-pwd. These allow an adversary to impersonate any user, and thereby access the Wi-Fi network, without knowing the user's password. Although we believe that EAP-pwd is used fairly infrequently, this still poses serious risks for many users, and illustrates the risks of incorrectly implementing Dragonfly.

The technical details behind our attacks against WPA3 can be found in our detailed research paper titled Dragonblood: A Security Analysis of WPA3's SAE Handshake.
The details of our EAP-pwd attacks are explained on this website.
By-Mathy Vanhoef and Eyal Ronen
For More Information Visit:-Dragon Blood Official Site

GitHub Link:-Follow me
Follow me at my site for more information.
Thanks!

Comments

  1. Atul25 January 2020 at 14:59



    Thanks for sharing such a good content with us. keep share these kind of content.i would like to read more.
    Ethical Hacking institute in Delhi

    ReplyDelete

Post a Comment

Popular posts from this blog

KV NTPC Deeptinagar Library Application

It is a Application builted on Java and XML in Android Studio mainly for Android OS. This is an educational purpose application. This is builted on WebView Method of Android Application. Donwload App:- Download Now Download Source Code:- Source Code Link used as WebView:- Visit KV Library For more information visit my YouTube Channel:- YouTube Channel
1 comment
Read more

HTML 5 and CSS3 Fundamentals,Making Webpages-Computer Markup Language-Fundamentals of Computer Science

HTML5 and CSS3 Fundamentals HTML5 and CSS3 Fundamentals Home About Contact Background Every Web Developer Needs to Know Introduction In this article I'll describe the World Wide Web from a high level perspective, focusing on how a web page is request and delivered from a web server to a web browser. Then, I want to talk about web browsers, how they interpret the HTML you write, differences between browsers, what are standards and to paraphrase the old joke "if Standards are so great, why are there so many of them?" Finally, I'll talk about the thought process behind HTML5 and CSS3, why they were introduced and what they hope to achieve. A Brief Technical Overview of the World Wide Web The World Wide Web started out as a means for sharing scientific resources like research documentation between governmental and academic institutions. It took time for the technologies and practices to evolve beyond its original pu
2 comments
Read more