Security Vulnerability : Dragonblood - Issues with WPA3's Dragonfly Handshake.

This document (7023818) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise Server 15
SUSE Linux Enterprise Server 12

Situation

Researchers studied the new handshake in the WPA 3 protocol called "Dragonfly" and found various problems in implementations of the protocol, that could allow attackers in WiFi range to bypass the EAP-PWD and SAE  authentication methods and so gain unauthorized access to protected Wireless LANs.

These problems mostly affect the EAP server side of wireless authentication implementations and not the client side.

On SUSE Linux Enterprise systems there are various packages affected by the reported problems :

wpa_supplicant

wpa_supplicant is the client side WiFi authentication program used in Linux, and it is affected by some of the reported issues in newer versions. 

EAP-PWD is currently only enabled in wpa_supplicant in SUSE Linux Enterprise 15, wpa_supplicants on older SUSE products currently do not support this method and so are not affected. 

SAE in use by WPA 3 is currently only supported by the newer wpa_supplicant in SUSE Linux Enterprise 15, so older SUSE products are not affected by this problem.

openssl

Also a weakness in openssl elliptic curve verification was identified, where the points on the curve were not  correctly validated, which in turn could cause services that use openssl to authenticate using elliptic curves to allow bypass of checks. 

Openssl versions in SUSE Linux Enterprise 12 and older are affected and will receive hardening fixes.

Resolution

Update to fixed wpa_supplicant once it becomes available.

Cause

CVE-2019-9494 - Cache attack against SAE
CVE-2019-9495 - Cache attack against EAP-PWD
CVE-2019-9496 - SAE confirm missing state validation in hostapd/AP
CVE-2019-9497 - EAP-PWD server not checking for reflection attack
CVE-2019-9498 - EAP-PWD server missing commit validation for scalar/element
CVE-2019-9499 - EAP-PWD peer missing commit validation for scalar/element

Additional Information

External Researcher Website: https://wpa3.mathyvanhoef.com/

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7023818
  • Creation Date: 11-Apr-2019
  • Modified Date:03-Mar-2020
    • SUSE Linux Enterprise Server

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback@suse.com

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Join Our Community

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.


SUSE Customer Support Quick Reference Guide SUSE Technical Support Handbook Update Advisories
Support FAQ

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.

Go to Customer Center