VU#871675: WPA3 design issues and implementation vulnerabilities in hostapd and wpa_supplicant

CERT continues to review the WPA3 protocol in support of this body of research. The root cause of the numerous"implementation"vulnerabilities may involve modifying the protocol. WPA3 uses Simultaneous Authentication of Equals(SAE),also known as Dragonfly Key Exchange,as the initial key exchange protocol,replacing WPA2's Pre-Shared Key(PSK)protocol. hostapd is a daemon for access point and authentication servers used by WPA3 authentication. wpa_supplicant is a wireless supplicant that implements key negotiation with the WPA Authenticator and supports WPA3. Both of these components,as implemented with Extensible Authentication Protocol Password(EAP-PWD)and SAE,are vulnerable ..