In early 2022, a new vulnerability was disclosed, tracked as CVE-2022-23303. It's found in Wi-Fi authentication software that's everywhere: hostapd and wpa_supplicant. If you've ever set up a Wi-Fi hotspot, open-source router firmware, or even connected to a secure Wi-Fi at home or work—chances are, you're using these tools.
This vulnerability is a *side-channel attack* against the key exchange protocol called SAE (Simultaneous Authentication of Equals), a critical part of WPA3. It's actually related to an *older bug* (CVE-2019-9494), which was not fully patched. The biggest problem? It leaks secret information through CPU cache patterns during cryptographic calculations.
Let’s break this down in plain American English, and see exactly how this security hole works—including code examples and exploit details.
Background: SAE, WPA3, and Side-Channel Leaks
SAE is a key exchange protocol, usually used in Wi-Fi networks running WPA3. It's designed to resist *offline dictionary attacks*, meaning an attacker can't easily just guess passwords.
However, computers can sometimes betray secrets not just in what they output, but in *how* they process things. For example, when doing math with secret values, if the code takes different paths, or uses memory at different spots depending on your password, a clever attacker can measure this (for example, through cache timing attacks). This is called a side-channel attack.
The Flaw: Where is CVE-2022-23303?
After the original fix for CVE-2019-9494, the developers patched some timing leaks. However, the fix didn't solve *all* the leaks. In particular, the SAE implementation in versions of hostapd and wpa_supplicant before 2.10 still has cache-based side-channels.
The bug is in the elliptic curve cryptography math, where the code’s memory access patterns depend on the secret values (like the password or private key). Attackers near your Wi-Fi network can potentially use these timing leaks to recover those secrets.
Here’s a simplified snippet based on the vulnerable code (from src/common/crypto_ec.c)
for (i = ; i < bits; i++) {
if (scalar & (1 << i))
point_add(&result, &table[i]);
}
The problem is that the if (scalar & (1 << i)) check is secret-dependent. Access to table[i] will be different depending on the bits in your scalar (private key). If an attacker can figure out *which* table entries are being accessed (using cache timing), they can start to recover the scalar.
Send authentication requests that trigger SAE exchanges.
2. Watch for side-channel info (such as cache timing or power usage) by either being on the same device (local attacker) or, in some cases, through remote timing tricks.
3. Infer secret info (such as the Wi-Fi password!) by matching observed patterns with what should happen in the code.
The attack is hard, but not impossible—especially for skilled attackers with some hardware or local access.
Exploit Code Example
For demonstration, here’s a Python snippet using pycryptodome to emulate a cache-timing exploit in a toy elliptic curve operation:
from Crypto.PublicKey import ECC
from time import perf_counter
def side_channel_simulation(private_key, point):
result = ECC.EccPoint(, , curve='P-256')
start = perf_counter()
for i in range(private_key.size_in_bits()):
if private_key.d & (1 << i):
# Simulated "slower" operation
result = result + point
elapsed = perf_counter() - start
print(f"Elapsed time: {elapsed} seconds")
return result
# In real attack, attackers measure 'elapsed' to infer ‘private_key’
Attackers would run many auth sessions, constantly measuring the time/caches, and statistically reconstruct the secret key!
Official Patch and Mitigation
Fix: The maintainers released hostapd 2.10 with improved side-channel mitigations. The code changes ensure all elliptic curve operations run in constant time, regardless of secrets.
Upgrade hostapd and wpa_supplicant to 2.10 or later.
- If unable to upgrade, disable WPA3-SAE, or use stronger passwords (not a real fix, but slows attackers).
- Watch for firmware/router updates!
Original References
- CVE-2022-23303 official page
- hostapd/wpa_supplicant 2.10 release notes
- Upstream patch discussion
- WPA3 SAE side-channel research (CVE-2019-9494)
Conclusion
CVE-2022-23303 is an example of how complex cryptography can end up leaking secrets through something as subtle as memory access patterns. It’s a reminder: fixing side-channels is as important as fixing direct logic bugs. Always use up-to-date security software, especially for core services like Wi-Fi access.
Timeline
Published on: 01/17/2022 02:15:00 UTC
Last modified on: 02/28/2022 22:07:00 UTC