Skip to main content

Dragon Blood-Dragon Fly WPA3 Vulnurability-Explained | Network Security | Ethical Hacking


Currently, all modern Wi-Fi networks use WPA2 to protect transmitted data. However, because WPA2 is more than 14 years old, the Wi-Fi Alliance recently announced the new and more secure WPA3 protocol. One of the main advantages of WPA3 is that, thanks to its underlying Dragonfly handshake, it's near impossible to crack the password of a network. Unfortunately, we found that even with WPA3, an attacker within range of a victim can still recover the password of the network. This allows the adversary to steal sensitive information such as credit cards, password, emails, and so on, when the victim uses no extra layer of protection such as HTTPS. Fortunately, we expect that our work and coordination with the Wi-Fi Alliance will allow vendors to mitigate our attacks before WPA3 becomes widespread.
The Dragonfly handshake, which forms the core of WPA3, is also used on certain Wi-Fi networks that require a username and password for access control. That is, Dragonfly is also used in the EAP-pwd protocol. Unfortunately, our attacks against WPA3 also work against EAP-pwd, meaning an adversary can even recover a user's password when EAP-pwd is used. We also discovered serious bugs in most products that implement EAP-pwd. These allow an adversary to impersonate any user, and thereby access the Wi-Fi network, without knowing the user's password. Although we believe that EAP-pwd is used fairly infrequently, this still poses serious risks for many users, and illustrates the risks of incorrectly implementing Dragonfly.

The technical details behind our attacks against WPA3 can be found in our detailed research paper titled Dragonblood: A Security Analysis of WPA3's SAE Handshake.
The details of our EAP-pwd attacks are explained on this website.
By-Mathy Vanhoef and Eyal Ronen
For More Information Visit:-Dragon Blood Official Site

GitHub Link:-Follow me
Follow me at my site for more information.
Thanks!

Comments

Post a Comment

Popular posts from this blog

How to Trace anyone IP, System and Location | CanaryTokens

How to Trace anyone IP, System and Location | Canary Tokens Hello, Guys I am your Host and your Friend Abhishek Yadav. Today we talked about CanaryTokens So, For more practical Hacking videos please Subscribe the YouTube Channel. This Channel would upload the videos on interesting topics of Advanced Computer, Advanced Ethical Hacking and Cyber Security. Thanks For Watching!! Video would come soon...  Follow me at GitHub:- Follow Me!!! Visit My Site :- Visit the Site Visit Our Site :- Visit Our Offcial Site Canary Tokens Official Site:- Canary Token Official Site Thanks For Watching This Video Again!!!
Post a Comment
Read more

How to Detect Canary Tokens | Cyber Security First Video

How to Detect Canary Tokens | Cyber Security First Video How to Detect Canary Tokens | Cyber Security First Video Hello Guys, I am Abhishek Yadav your host. These is the First Video on Cyber Security. and it's the second part of my Video "How to Trace anyone IP, System and Location | CanaryTokens" which is in my Ethical Hacking Section Playlist. For Watching that video click these link :- Click Here For Watching!! For More Information Visit :- Home Page Another Link :- Host Site Follow Me at GitHub:- Host GitHub Site GitHub Repository Link for Detecting MS Word File :- GitHub Repository Link Don't Forget to Give Star on my GItHub Repository if you like it. Thanks For Watching the Video. Don't Forget to Subscribe the YouTube Channel:- Subscribe And Also don't forget to like , comment, and Share the Video. Thank You Again.....
Post a Comment
Read more