WPA2 Pre-shared Key Brute Force Attack

A brute-force attack on WPA2 pre-shared keys that relies on the PMKID has come to light.

At its core this is a brute-force attack on the WPA2 pre-shared key. It is considered effective because it can be performed offline, without ever attempting to connect to the AP, using only a single sniffed packet from a valid key exchange.

This is not a vulnerability as such, but a way in which the wireless AP password can be guessed more easily.

To mitigate this type of attack, use a strong password that is hard to brute force. Using an access-list also helps protect your network, because the attacker would need to be authenticated first.

To eliminate the possibility of this attack entirely, you can use WPA-PSK (do not forget to use aes-ccm encryption!). WPA-PSK does not include the field that this attack uses to verify the password.

MikroTik has also added an option to disable sending the PMKID in handshake message 1 for WPA2-PSK. Disabling it also protects your network against this attack. The option is available in RouterOS versions 6.40.9, 6.42.7 and 6.43 (from rc56).
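The following RouterOS configuration is an added example, not part of the MikroTik post, showing how the three mitigations above (strong key, access-list, PMKID disabled) fit together on one AP. It assumes RouterOS 6.43 or a later 6.40/6.42 maintenance release, a wireless interface named wlan1, and that `disable-pmkid` is the security-profile parameter behind the option described above; the SSID key and client MAC address are placeholders to be replaced.

```routeros
# Added example (not from the MikroTik post). Assumes wlan1 exists and RouterOS
# carries the PMKID option described above; key and MAC address are placeholders.
/interface wireless security-profiles
add name=wpa2-no-pmkid mode=dynamic-keys authentication-types=wpa2-psk \
    unicast-ciphers=aes-ccm group-ciphers=aes-ccm \
    wpa2-pre-shared-key="REPLACE-WITH-A-LONG-RANDOM-PASSPHRASE" \
    disable-pmkid=yes

# Alternative named in the post: WPA-PSK does not carry the PMKID field at all.
# Keep aes-ccm as the cipher if you choose this route.
# add name=wpa-only mode=dynamic-keys authentication-types=wpa-psk \
#     unicast-ciphers=aes-ccm group-ciphers=aes-ccm \
#     wpa-pre-shared-key="REPLACE-WITH-A-LONG-RANDOM-PASSPHRASE"

/interface wireless
set wlan1 security-profile=wpa2-no-pmkid

# Access-list: with default-authentication=no, only clients listed below are
# allowed to authenticate, so an unlisted station never reaches the key exchange.
set wlan1 default-authentication=no
/interface wireless access-list
add interface=wlan1 mac-address=00:11:22:33:44:55 authentication=yes \
    forwarding=yes comment="placeholder client, replace with a real MAC"
```

After applying this, `/interface wireless security-profiles print detail` should show `disable-pmkid=yes` on the profile, and `/interface wireless registration-table print` should list only stations present in the access-list. Note that an access-list restricts who may associate; it does not change what the AP sends in message 1, so it complements rather than replaces the `disable-pmkid` setting.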


Blog post by MikroTik
Reference: https://forum.mikrotik.com/viewtopic.php?t=137838