Community discussions

MikroTik App
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1648
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

WPA2 preshared key brute force attack

Thu Aug 09, 2018 10:37 am

It has come to our attention that a new way of brute force attack based on WPA2 standard using PMKID has come to light.

This attack actually is a brute force attack on WPA2 preshared key. The reason this attack is considered effective is because it can be performed offline, without actually attempting to connect to AP, based on a single sniffed packet from a valid key exchange.

This problem is not a vulnerability, but a way how wireless AP password can be guessed in an easier way.

In order to mitigate this type of attack you should use strong password that is hard to brute force.

To eliminate possibility of this attack entirely you can use WPA-PSK (do not forget to use aes-ccm encryption!). WPA-PSK does not include the field that is used to verify the password in this attack.
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1082
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: WPA2 preshared key brute force attack

Thu Aug 09, 2018 10:50 am

With "WPA-PSK" you refer to a non-WPA2-configuration?
 
User avatar
Davis
Member Candidate
Member Candidate
Posts: 118
Joined: Mon Aug 01, 2011 12:27 pm
Location: Latvia, Riga
Contact:

Re: WPA2 preshared key brute force attack

Thu Aug 09, 2018 11:17 am

Are there any benefits for sending PMKID for non-EAP networks (some people claim that there aren't)?

If no, is it planned to fix this vulnerability (by not sending PMKID for PSK networks)?

There are actually 3 reasons why this attack is worse than previously known procedure:
1. It is possible to obtain PMKID for bruteforcing PSK password without any clients connected. This is especially bad for admin-only wifi networks (and other networks that usually have no clients connected).
2. Nothing will be logged in MikroTik. AFAIR with previously known procedure usually dissociation (usually many dissociations) followed by failed association attempt will be logged.
3. This will be unnoticable for wifi users.

Also what is behavior for this bug when "/interface wireless access-list" is used to provide different PSKs for different client MAC addresses?
And what is behavior for this bug when wireless interface has "default-authentication=no" (in combination with "/interface wireless access-list" entries)?

P.S. Of course a strong password must always be used, but also attack surface (points where attacks are possible) must always be reduced. In this case not sending PMKID would greatly reduce attack surface for rarely used networks.
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1648
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: WPA2 preshared key brute force attack

Thu Aug 09, 2018 12:32 pm

Next RouterOS v6.43rc release will have an option that will allow to disable usage of PMKID. Setting should be used at your own risk knowing that some clients might not be able to connect.

If it will work well, then we will, most likely, backport these changes also to other RouterOS version release channels.
 
R1CH
Forum Guru
Forum Guru
Posts: 1108
Joined: Sun Oct 01, 2006 11:44 pm

Re: WPA2 preshared key brute force attack

Thu Aug 09, 2018 12:46 pm

How do you get the PMKID from a Mikrotik AP? I have tried the attack on my wAP AC (WPA2-PSK), but the driver didn't implement the necessary fields.
 
Mplsguy
MikroTik Support
MikroTik Support
Posts: 227
Joined: Fri Jun 06, 2008 5:06 pm

Re: WPA2 preshared key brute force attack

Thu Aug 09, 2018 12:49 pm

Are there any benefits for sending PMKID for non-EAP networks (some people claim that there aren't)?
Well, there are no benefits, because using PMKID allows to skip authentication stage, which is non-existent when PSK is used anyway. The only reason to include PMKID when PSK is used is because 802.11 does not seem to be very specific about whether it must be included. What if there is some client that is very strict on checking what it receives?
If no, is it planned to fix this vulnerability (by not sending PMKID for PSK networks)?
We will add an option to disable sending PMKID in handshake message 1.
Also what is behavior for this bug when "/interface wireless access-list" is used to provide different PSKs for different client MAC addresses?
PMKID is generated based on PSK used in key exchange, so in order to brute force particular password you must sniff handshake frame sent by AP that contains PMKID generated using PSK that you are interested in. Note that "access-list" operates on mac-address that can be spoofed by attacker relatively easy, so it is not adding more security - attacker either needs to observe handshake of legitimate client or spoof clients mac-address and attempt handshake (it will fail, but nevertheless attacker will get the frame with PMKID). If you use per-client PSK, in case PSK for one client gets compromised, you only need to change it for particular client, not all of them.
And what is behavior for this bug when wireless interface has "default-authentication=no" (in combination with "/interface wireless access-list" entries)?
Considering that attacker can sniff frames and spoof mac-address, the only situation where this will help is when attacker can not figure out the mac-address it should use to attempt connecting, but this can not be considered protection. If attacker finds out mac-address of client that is allowed to connect, he can cause key handshake and attempt to brute force the PSK.
 
User avatar
Davis
Member Candidate
Member Candidate
Posts: 118
Joined: Mon Aug 01, 2011 12:27 pm
Location: Latvia, Riga
Contact:

Re: WPA2 preshared key brute force attack

Thu Aug 09, 2018 2:39 pm

The only reason to include PMKID when PSK is used is because 802.11 does not seem to be very specific about whether it must be included. What if there is some client that is very strict on checking what it receives?
Possibly Ubiquity might not be sending PMKID.

We will add an option to disable sending PMKID in handshake message 1.
Thank you very much for adding this option!

PMKID is generated based on PSK used in key exchange, so in order to brute force particular password you must sniff handshake frame sent by AP that contains PMKID generated using PSK that you are interested in. Note that "access-list" operates on mac-address that can be spoofed by attacker relatively easy, so it is not adding more security - attacker either needs to observe handshake of legitimate client or spoof clients mac-address and attempt handshake (it will fail, but nevertheless attacker will get the frame with PMKID). If you use per-client PSK, in case PSK for one client gets compromised, you only need to change it for particular client, not all of them.
So in this scenario:
  • "default-authentication=no" is set for access point
  • corresponding "/interface wireless security-profiles" has wpa-pre-shared-key and wpa2-pre-shared-key set to some value (e.g. "wpa-pre-shared-key=Password123 wpa2-pre-shared-key=Password123")
  • "/interface wireless access-list" has entries for clients with a different "private-pre-shared-key" for each client
  • at the moment of attack no clients are connected (and attacker does not know MAC addresses of clients)

The only information attacker can obtain is PMKID of "wpa2-pre-shared-key" mentioned in security-profile (in this example - hash that bruteforces to "Password123"), correct?
And attacker will not be able to connect with that password (assuming there are no access-list entries without private-pre-shared-key specified), correct?
I am describing this scenario as it illustrates possible mitigation of the vulnerability (locked down AP with per-device keys) in situation where this vulnerability has greatest effect (AP that is online all the time, but rarely has a client connected).

P.S. For other readers I can mention that in case a client is connected the classical WPA attack (involving spoofing client disconnection and recording the network traffic while client reconnects) can be applied and benefits of PMKID attack are very small (not disturbing client and not getting logged the classical "dissociation storm" in RouterOS).
 
Mplsguy
MikroTik Support
MikroTik Support
Posts: 227
Joined: Fri Jun 06, 2008 5:06 pm

Re: WPA2 preshared key brute force attack

Thu Aug 09, 2018 4:42 pm

So in this scenario:
  • "default-authentication=no" is set for access point
  • corresponding "/interface wireless security-profiles" has wpa-pre-shared-key and wpa2-pre-shared-key set to some value (e.g. "wpa-pre-shared-key=Password123 wpa2-pre-shared-key=Password123")
  • "/interface wireless access-list" has entries for clients with a different "private-pre-shared-key" for each client
  • at the moment of attack no clients are connected (and attacker does not know MAC addresses of clients)

The only information attacker can obtain is PMKID of "wpa2-pre-shared-key" mentioned in security-profile (in this example - hash that bruteforces to "Password123"), correct?
No. In order to obtain any PMKID attacker must get to key handshake phase that happens only after successful 802.11 association. If client is not in access-list, it is refused 802.11 association and AP does not even go to key handshake phase.
 
User avatar
Davis
Member Candidate
Member Candidate
Posts: 118
Joined: Mon Aug 01, 2011 12:27 pm
Location: Latvia, Riga
Contact:

Re: WPA2 preshared key brute force attack

Thu Aug 09, 2018 4:55 pm

No. In order to obtain any PMKID attacker must get to key handshake phase that happens only after successful 802.11 association. If client is not in access-list, it is refused 802.11 association and AP does not even go to key handshake phase.
So in this scenario attacker won't be able to obtain any password hashes (assuming attacker will not try to guess MAC addresses)?
 
Mplsguy
MikroTik Support
MikroTik Support
Posts: 227
Joined: Fri Jun 06, 2008 5:06 pm

Re: WPA2 preshared key brute force attack

Fri Aug 10, 2018 9:16 am

No. In order to obtain any PMKID attacker must get to key handshake phase that happens only after successful 802.11 association. If client is not in access-list, it is refused 802.11 association and AP does not even go to key handshake phase.
So in this scenario attacker won't be able to obtain any password hashes (assuming attacker will not try to guess MAC addresses)?
Correct. Like I said - in order to obtain PMKID attacker has to either observe or cause key handshake and that happens only after successful 802.11 association. In RouterOS access-list checking (and radius-mac-authentication as well) happens before key handshake (this is kind of obvious, because access-list or radius-mac-authentication can provide PSK).
 
Samot
Member Candidate
Member Candidate
Posts: 113
Joined: Sat Nov 25, 2017 10:01 pm

Re: WPA2 preshared key brute force attack

Fri Aug 10, 2018 3:41 pm

I think as long as your wifi password/keys are not something an idiot would use as their luggage combination you're fine.

Image
 
User avatar
erickbrito
just joined
Posts: 3
Joined: Mon Jul 20, 2015 6:41 pm

Re: WPA2 preshared key brute force attack

Fri Aug 10, 2018 7:43 pm

there are still several vulnerabilities, soon I will show some of them to be corrected.
Last edited by erickbrito on Fri Aug 10, 2018 8:19 pm, edited 1 time in total.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3333
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: WPA2 preshared key brute force attack

Fri Aug 10, 2018 7:58 pm

a inda a varias vulnerabilidade, depois vou mostrar umas das brechas a ser corrigido.
This is an English forum. Please post in English for all to read. You can edit your post and change it.
Nem todo mundo está lendo Português
 
User avatar
macgaiver
Forum Guru
Forum Guru
Posts: 1767
Joined: Wed May 18, 2005 5:57 pm
Location: Sol III, Sol system, Sector 001, Alpha Quadrant

Re: WPA2 preshared key brute force attack

Tue Aug 14, 2018 4:11 pm

What's new in 6.43rc56 (2018-Aug-13 11:13):
...
*) wireless - added option to disable PMKID for WPA2 (CLI only);
...
So far all devices i tried connects just fine.
 
Simono
newbie
Posts: 49
Joined: Tue Mar 20, 2018 9:41 am

Re: WPA2 preshared key brute force attack

Sat Aug 18, 2018 9:42 am

Of course this will be also as option on Capsman?
 
JimmyNyholm
Member Candidate
Member Candidate
Posts: 248
Joined: Mon Apr 25, 2016 2:16 am
Location: Sweden

Re: WPA2 preshared key brute force attack

Sat Aug 18, 2018 9:54 am

And what about working on WPA3?
 
bratislav
Frequent Visitor
Frequent Visitor
Posts: 68
Joined: Mon May 05, 2014 10:36 am

Re: WPA2 preshared key brute force attack

Sat Aug 18, 2018 1:25 pm

And what about working on WPA3?
According to Qualcomm you need new chipsets for WPA3 so it seems that old gear wont be able to support it ...
 
JimmyNyholm
Member Candidate
Member Candidate
Posts: 248
Joined: Mon Apr 25, 2016 2:16 am
Location: Sweden

Re: WPA2 preshared key brute force attack

Fri Aug 24, 2018 9:01 pm

And what about working on WPA3?
According to Qualcomm you need new chipsets for WPA3 so it seems that old gear wont be able to support it ...
As far as I can tell that is a big spit of "bullspit" ;-) WPA3 can be done in software only if the hardware features in a old chip is to slow. But then again braindead old cheap AP's have slow cpu's as well so........... But supporting a new standard is one thing. Turning on ALL nerd nobs of that new standard is another one.

SO....

Mikrotik: How about a statement of how,when,where will we be able to use WPA3 instead?
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8712
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: WPA2 preshared key brute force attack

Mon Aug 27, 2018 1:11 pm


Mikrotik: How about a statement of how,when,where will we be able to use WPA3 instead?
Or at least, "whether" :)
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26807
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: WPA2 preshared key brute force attack

Mon Aug 27, 2018 2:20 pm

WPA3 is not supported in any client devices yet, as far as I know.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3333
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: WPA2 preshared key brute force attack

Mon Aug 27, 2018 7:55 pm

Someone has to be the first, if all is waiting for all other to release WPA3 it will never come :)
 
User avatar
honzam
Forum Guru
Forum Guru
Posts: 2396
Joined: Wed Feb 27, 2008 10:27 pm
Location: Czech Republic

Re: WPA2 preshared key brute force attack

Mon Aug 27, 2018 10:57 pm

Someone has to be the first, if all is waiting for all other to release WPA3 it will never come :)
Yes it is true. Sometimes Mikrotik might be the first
 
notToNew
Member Candidate
Member Candidate
Posts: 174
Joined: Fri Feb 19, 2016 3:15 pm

Re: WPA2 preshared key brute force attack

Sun Sep 09, 2018 8:38 am

Of course this will be also as option on Capsman?
It already is. Just try it.
 
plisken
Forum Guru
Forum Guru
Posts: 2511
Joined: Sun May 15, 2011 12:24 am
Location: Belgium
Contact:

Re: WPA2 preshared key brute force attack

Sat Jan 19, 2019 5:59 pm

WPA3 is not supported in any client devices yet, as far as I know.
@Normis, When can we expect WPA3 updates on the Mikrotik devices
 
marekm
Member
Member
Posts: 400
Joined: Tue Feb 01, 2011 11:27 pm

Re: WPA2 preshared key brute force attack

Tue Mar 05, 2019 11:34 am

Any known issues with disable-pmkid=yes so far? It's not yet the default (as of 6.44) - why?
 
vortex
Forum Guru
Forum Guru
Posts: 1092
Joined: Sat Feb 16, 2013 6:10 pm

Re: WPA2 preshared key brute force attack

Wed Feb 26, 2020 8:38 pm

Another big hole revealed today.

1 billion devices affected. How much abandonware?

"You can just use WPA3"
 
User avatar
rooted
Member Candidate
Member Candidate
Posts: 129
Joined: Tue Feb 04, 2020 5:58 pm

Re: WPA2 preshared key brute force attack

Wed Feb 26, 2020 9:02 pm

@vortex Are you talking about Kr00k?
 
vortex
Forum Guru
Forum Guru
Posts: 1092
Joined: Sat Feb 16, 2013 6:10 pm

Re: WPA2 preshared key brute force attack

Wed Feb 26, 2020 9:03 pm

Yes
 
complex1
Frequent Visitor
Frequent Visitor
Posts: 58
Joined: Wed Jan 04, 2017 9:55 pm
Location: NL-NH

Re: WPA2 preshared key brute force attack

Wed Feb 26, 2020 10:05 pm

Kr00k.... should we worry about this?
 
vortex
Forum Guru
Forum Guru
Posts: 1092
Joined: Sat Feb 16, 2013 6:10 pm

Re: WPA2 preshared key brute force attack

Wed Feb 26, 2020 10:19 pm

Likely already patched if you don't have abandonware.

Only Cypress and Broadcom WiFi was found to be affected.
 
r00t
Long time Member
Long time Member
Posts: 674
Joined: Tue Nov 28, 2017 2:14 am

Re: WPA2 preshared key brute force attack

Wed Feb 26, 2020 11:22 pm

Not a single Mikrotik hardware uses Cypress or Broadcom wireless chipset, so answer is clearly NO.
 
vortex
Forum Guru
Forum Guru
Posts: 1092
Joined: Sat Feb 16, 2013 6:10 pm

Re: WPA2 preshared key brute force attack

Wed Feb 26, 2020 11:38 pm

Not a single Mikrotik hardware uses Cypress or Broadcom wireless chipset, so answer is clearly NO.
People have other devices too.
 
vortex
Forum Guru
Forum Guru
Posts: 1092
Joined: Sat Feb 16, 2013 6:10 pm

Re: WPA2 preshared key brute force attack

Fri Feb 28, 2020 12:40 am

Kr00k.... should we worry about this?
Update: Cisco is working on patches.
 
vortex
Forum Guru
Forum Guru
Posts: 1092
Joined: Sat Feb 16, 2013 6:10 pm

Re: WPA2 preshared key brute force attack

Fri Feb 28, 2020 7:35 pm

Bad idea to setup an office only with WiFi.

Who is online

Users browsing this forum: cyrq, nickvacula and 9 guests