New attack vector discovered in WPA2-PSK

Jens "atom" Steube, developer of the Hashcat password-cracking application, accidentally found, while looking for possible attacks on the WPA3 protocol, a new vulnerability in Wi-Fi networks protected with WPA/WPA2 PSK (Pre-Shared Key) that have fast roaming enabled.

Unlike other attacks, no connected client is needed, since the router is attacked directly by obtaining the PMKID value. This value is computed with HMAC-SHA1, so obtaining the password still requires a dictionary attack against it. The new method does not make WPA2 networks easier to attack; what it achieves is faster collection of the information.
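The following Python code is an added example, not code from Steube or Hashcat. It derives the PMKID as IEEE 802.11 defines it (PMK from PBKDF2-HMAC-SHA1, then HMAC-SHA1 truncated to 128 bits) and shows that a wordlist check only succeeds when the passphrase is in the list. The SSID, MAC addresses, wordlist and function names are constructed for the illustration.

```python
import hashlib
import hmac


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-PSK pairwise master key: PBKDF2-HMAC-SHA1, 4096 rounds, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def derive_pmkid(pmk: bytes, ap_mac: bytes, client_mac: bytes) -> bytes:
    """PMKID = first 128 bits of HMAC-SHA1(PMK, "PMK Name" || AP MAC || client MAC)."""
    return hmac.new(pmk, b"PMK Name" + ap_mac + client_mac, hashlib.sha1).digest()[:16]


def passphrase_in_wordlist(pmkid, ssid, ap_mac, client_mac, wordlist):
    """Return the wordlist entry that reproduces pmkid, or None if none does."""
    for candidate in wordlist:
        if not 8 <= len(candidate) <= 63:  # WPA2 passphrase length limits
            continue
        guess = derive_pmkid(derive_pmk(candidate, ssid), ap_mac, client_mac)
        if hmac.compare_digest(guess, pmkid):
            return candidate
    return None


# Constructed sample values (locally administered MAC addresses, made-up SSID).
SSID = "ExampleNet"
AP_MAC = bytes.fromhex("020000000001")
CLIENT_MAC = bytes.fromhex("020000000002")
WORDLIST = ["password", "12345678", "letmein123", "qwertyuiop"]


def pmkid_for(passphrase: str) -> bytes:
    """PMKID the constructed access point would use for this passphrase."""
    return derive_pmkid(derive_pmk(passphrase, SSID), AP_MAC, CLIENT_MAC)


if __name__ == "__main__":
    # No handshake nonce enters the derivation, so the value is fixed per
    # passphrase, SSID and MAC pair; passphrase strength is the only variable
    # the network owner controls.
    for label, passphrase in [("weak", "letmein123"), ("strong", "v7#Qe2!mZr9^Lk4@xT0p")]:
        hit = passphrase_in_wordlist(pmkid_for(passphrase), SSID, AP_MAC, CLIENT_MAC, WORDLIST)
        print(label, "->", "found in wordlist" if hit else "not in wordlist")
```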

The scope of the vulnerability is not known, nor how many devices and routers it affects. What is clear is that it works against any that have roaming enabled, which is usual in all modern routers.
