Keeping in mind what we just discussed, you may now be surprised to find that this process is vulnerable to attack! However, the issue is not the core concept, but the practical implementation of the standard. As with most technical standards, sacrifices were made to the security of the solution in order to make it user-friendly. In specific, the sacrifice that was made to make the solution usable was making certain stages in the handshake replayable in the event of a missed message.

While this is not a huge issue for most of the process, Stage 3 is replayable and can have a dramatic effect on the security of the overall solution. By placing themselves in a Man-in-the-Middle (MITM) position during the authentication process, an attacker can block the correctly negotiated PTK and install their own in certain circumstances. The Key Replay Counter and associated nonce values are reset when a key is negotiated. So by blocking certain packets, an MITM attacker can predict what counter and nonce values are going to be by forcing a key reinstall. This will enable future attackers to perform malicious actions such as decryption, spoofing, and packet replay.

However, in deference to how the security industry operates, researchers have wisely only released Proof of Concept (PoC) scripts showing that the attack can be performed on client devices, and they have not released full-attack scripts to fully carry out the attacks against established networks. It should be noted, however, that they have announced that Android and Linux distributions are vulnerable to a key reinstall attack that forces the use of an all-zero key, effectively making traffic decryption trivial.