Security personnel found the Dragonblood vulnerability group in the Wi-Fi WPA3 standard

Two security researchers today revealed a set of vulnerabilities, collectively known as Dragonblood , that affected the WiFi Alliance's recently released WPA3 Wi-Fi security and authentication standards. If exploited, the vulnerability will allow an attacker within the victim's network to obtain a Wi-Fi password and penetrate the target network. 

Dragonblood vulnerability

The Dragonblood vulnerability group has a total of five vulnerabilities, including one denial of service attack vulnerability, two downgrade attack vulnerabilities, and two side channel information disclosure vulnerabilities. Although the denial of service vulnerability is not important, it only causes WPA3-compatible access points to crash, but the other four attacks can be used to obtain user passwords.

Both the downgrade attack and the two side channel leaks exploit the design flaw in the WPA3 standard Dragonfly key exchange, the mechanism by which the client authenticates on the WPA3 router or access point.

In downgrade attacks, networks that support WiFi WPA3 can induce devices to use older, less secure password-switching systems, allowing an attacker to retrieve network passwords using old vulnerabilities.

In side channel information leakage attacks, networks that support WiFi WPA3 can trick devices into using weaker algorithms that leak a small amount of information about network passwords. Through repeated attacks, you can finally recover the full password.