Dragonblood
What is Dragonblood?
Dragonblood: A family of side-channel and downgrade attacks against WPA3 SAE (Dragonfly) that can leak the Wi-Fi password to a nearby attacker.
Dragonblood was disclosed in April 2019 by Mathy Vanhoef and Eyal Ronen. It targets the Simultaneous Authentication of Equals (SAE) handshake, also called Dragonfly, used by WPA3-Personal. The researchers found timing and cache-based side channels in the hunt-and-peck password-element derivation, plus group-downgrade and transition-mode attacks that force clients onto vulnerable curves or back to WPA2. With a captured side-channel trace, an attacker can run an offline password-partitioning attack to recover the PSK. CVEs include CVE-2019-9494 and CVE-2019-9495. The fixes, a hash-to-curve password-element derivation (Hash-to-Element) for WPA3 Dragonfly plus patched hostapd/wpa_supplicant, address the leaks, but transition-mode deployments remain risky.
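A defensive check for the settings the definition calls out (transition mode, hunt-and-peck versus Hash-to-Element, group choice), as an added example that is not part of the original entry or of hostapd. It audits a hostapd.conf through the hostapd options `wpa_key_mgmt`, `sae_pwe` and `sae_groups`; the accepted-group list, the finding names and the sample configurations are assumptions constructed for illustration.

```python
# Added example: audit a hostapd.conf for Dragonblood-relevant settings.
# Assumed policy (not from the page): only ECC groups 19-21 and MODP groups
# 15-18 are accepted; finding names are made up for this example.
SAFE_GROUPS = {15, 16, 17, 18, 19, 20, 21}
PSK_AKMS = {"WPA-PSK", "WPA-PSK-SHA256", "FT-PSK"}

def parse_conf(text):
    """Parse hostapd.conf style key=value lines, skipping comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return sorted finding codes for a single-BSS configuration."""
    conf = parse_conf(text)
    akms = set(conf.get("wpa_key_mgmt", "").split())
    if not akms & {"SAE", "FT-SAE"}:
        return ["no-sae"]
    findings = []
    if akms & PSK_AKMS:
        findings.append("transition-mode")  # WPA2-PSK offered beside SAE
    pwe = conf.get("sae_pwe")
    if pwe is None:
        findings.append("sae-pwe-unset")    # do not rely on the build default
    elif pwe == "0":
        findings.append("hunt-and-peck-only")  # Hash-to-Element disabled
    # Only explicitly listed groups are checked.
    listed = {int(g) for g in conf.get("sae_groups", "").split()}
    if listed - SAFE_GROUPS:
        findings.append("weak-group")
    return sorted(findings)

# Constructed sample configurations (not taken from any real deployment).
RISKY = """
wpa_key_mgmt=SAE WPA-PSK
sae_groups=19 22 28
sae_pwe=0
"""
HARDENED = """
wpa_key_mgmt=SAE
sae_groups=19 20 21
sae_pwe=1
"""

if __name__ == "__main__":
    print(audit(RISKY), audit(HARDENED))
```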
● Examples
- 01
Timing leak in hunt-and-peck lets an attacker recover a weak WPA3 passphrase offline.
- 02
Forcing a client into WPA2 transition mode to perform a classic offline PMKID crack.
● Frequently asked questions
What is Dragonblood?
A family of side-channel and downgrade attacks against WPA3 SAE (Dragonfly) that can leak the Wi-Fi password to a nearby attacker. It belongs to the Attacks & Threats category of cybersecurity.
How do you defend against Dragonblood?
Defences for Dragonblood typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Dragonblood?
Common alternative names include: WPA3 SAE side-channel, Dragonfly attack.
● Related terms
- network-security № 1250
WPA3
The third generation of Wi-Fi Protected Access, introducing SAE-based authentication, forward secrecy, and stronger protections for personal and enterprise Wi-Fi.
- attacks № 595
KRACK Attack
A key reinstallation attack against WPA2 that forces nonce reuse in the four-way handshake, letting an attacker decrypt or replay Wi-Fi traffic.
- attacks № 837
PMKID Attack
An offline WPA/WPA2-PSK cracking method that derives the passphrase from a single PMKID field captured from an access point, no client needed.
- vulnerabilities № 1038
Side-Channel Attack
An attack that recovers secrets from a system by observing physical or implementation characteristics — timing, power, electromagnetic emissions, caches, acoustic signals — rather than logical flaws.
- attacks № 943
Rogue Access Point
An unauthorised wireless access point connected to a network, either installed maliciously by an attacker or naively by an employee, that bypasses network security controls.