#VU20415 Information disclosure in wpa_supplicant and hostapd


Published: 2019-08-27 | Updated: 2019-09-30

Vulnerability identifier: #VU20415

Vulnerability risk: Low

CVSSv3.1: 4.9 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2019-13377

CWE-ID: CWE-200

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
wpa_supplicant (Server applications / Encryption software)
hostapd (Server applications / Remote access servers, VPN)

Vendor: Jouni Malinen

Description

The vulnerability allows a remote attacker to conduct time-based side-channel attacks on a targeted system.

The vulnerability exists due to insufficient security restrictions during WPA3's Dragonfly handshake process when using Brainpool curves. A remote attacker in radio range of the access point can observe timing differences and cache access patterns, conduct a side-channel attack and access sensitive information that could be used for full password recovery.



Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

wpa_supplicant: 2.0.0 - 2.8.0

hostapd: 2.0 - 2.8


External links
http://w1.fi/cgit/hostap/commit/?id=147bf7b88a9c231322b5b574263071ca6dbb0503
http://w1.fi/cgit/hostap/commit/?id=cd803299ca485eb857e37c88f973fccfbb8600e5
http://w1.fi/security/2019-6/sae-eap-pwd-side-channel-attack-update.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

