Authentication attacks

WPA and WPA2 (Wi-Fi Protected Access) are vulnerable to password-cracking attacks, especially when the network uses a weak password. To break into a WPA-enabled AP, an attacker uses the following techniques:

  • Sniff wireless packets in the air: This involves putting the wireless network card in monitor mode, then listening to and recording everything that happens on the surrounding local wireless networks.
  • Wait for a client to authenticate: APs use a four-way handshake to exchange information with WPA wireless clients for authentication. Mostly, the client needs to prove that it is a legitimate user and has the passcode to the network. This four-way handshake, or the Extensible Authentication Protocol over LAN (EAPOL), encrypts the password in a way that the AP can decrypt it and check whether it matches the one that has been set on the network.
  • Use a brute-force attack: Having recorded everything and obtained the EAPOL packets, the attacker can brute-force the password using an offline dictionary attack against the captured file.

An important point here is that if there aren't any users connected to the network, the attack will fail. However, if a user is active and already authenticated, the attacker can use a variety of attacks, such as a deauthentication attack, against the network AP or the connected clients to disconnect them and force the client's device to authenticate again.
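The offline dictionary attack described above succeeds against weak passwords because, in WPA/WPA2-Personal, the key that the handshake proves knowledge of is derived from nothing but the passphrase and the SSID (PBKDF2-HMAC-SHA1, 4096 iterations). The following is an added example, not code from the book, that audits a passphrase you administer on that basis; the wordlist is a constructed sample, and the guess rate and policy threshold are assumptions.

```python
import hashlib
import math

# Constructed sample of commonly chosen passphrases (stand-in for a real wordlist).
COMMON_PASSPHRASES = {"password", "12345678", "qwertyuiop", "letmein123"}
ASSUMED_GUESSES_PER_SECOND = 500_000   # assumption: attacker's offline test rate
MIN_EXHAUST_YEARS = 1_000              # assumption: local policy threshold
SECONDS_PER_YEAR = 365 * 24 * 3600


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 printable ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def charset_size(passphrase: str) -> int:
    """Size of the printable-ASCII classes the passphrase draws from (max 95)."""
    classes = [(str.islower, 26), (str.isupper, 26), (str.isdigit, 10)]
    size = sum(n for test, n in classes if any(test(c) for c in passphrase))
    if any(not c.isalnum() for c in passphrase):
        size += 33  # punctuation and space
    return size


def audit_passphrase(passphrase: str, ssid: str) -> dict:
    """Rate a passphrase you control against offline guessing of its PMK."""
    pmk = derive_pmk(passphrase, ssid)  # also validates the length
    in_wordlist = passphrase.lower() in COMMON_PASSPHRASES
    # Upper bound: assumes every character is chosen uniformly at random.
    bits = len(passphrase) * math.log2(charset_size(passphrase))
    years = 2 ** bits / ASSUMED_GUESSES_PER_SECOND / SECONDS_PER_YEAR
    return {
        "pmk_hex": pmk.hex(),
        "in_wordlist": in_wordlist,
        "entropy_bits_upper_bound": round(bits, 1),
        "exhaust_years": years,
        "ok": not in_wordlist and years >= MIN_EXHAUST_YEARS,
    }


if __name__ == "__main__":
    for candidate in ("password", "abcdefgh", "T7#qv!Lm2x$Rw9pZ"):
        report = audit_passphrase(candidate, "IEEE")
        print(candidate, report["entropy_bits_upper_bound"], report["ok"])
```

Because the SSID is the only salt, a passphrase that appears in any wordlist fails the audit regardless of its length, and human-chosen passphrases sit well below the entropy upper bound reported here.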
