The WiFi Alliance developed WPA3 with better security in mind, but it appears this isn't working out as planned, as researchers have once again found vulnerabilities in the protocol. In April, Mathy Vanhoef and Eyal Ronen discovered five vulnerabilities in WPA3, and now the two security researchers have discovered another pair of security flaws in WPA3. Both vulnerabilities allow a brute-force attack on a WiFi network's password.
The findings were reported to the WiFi Alliance, which is now working on an update that may lead to WPA 3.1. The security researchers blast the WiFi Alliance for its closed standards development process:
But besides just disclosing the two new Dragonblood vulnerabilities, the two researchers also took the chance to criticize the WiFi Alliance again for its closed standards development process that doesn't allow for the open-source community to contribute and prevent big vulnerabilities from making it into the standard in the first place.
"This demonstrates that implementing Dragonfly and WPA3 without side-channel leaks is surprisingly hard," the researchers said. "It also, once again, shows that privately creating security recommendations and standards is at best irresponsible and at worst inept."