In the past 24h, there has been public information released in the Hashcat forums by one of their administrators of an improvement on brute force, offline dictionary attacks against WPA/WPA2 PSK (Pre-Shared Key) passwords. The specific improvement is that this can take place without the presence of clients and does not require a full handshake.

The attack can take place when an 802.11 management frame appears with an RSN IE (Robust Security Network Information Element) containing an RSN PMKID.

In mathematical terms:

The PMKID can be brute-forced to grant the PMK, then the usual PSK attacks take place.

I have not called this a vulnerability because I do not know if Mikrotik is vulnerable to this attack nor does there appear to be a CVE number for it. Does anyone have information or can test to state otherwise?

Source: https://hashcat.net/forum/thread-7717.html

This seems like it would only affect 802.1x / EAP setups.

I've attempted this attack against a wAP AC and it was unsuccessful. I don't think Mikrotik's wireless driver implements the features that this attack exploits.

MikroTik (normal wireless or CAPsMAN) does not support 802.11r fast roaming, therefore the RSN IE's are not transmitted by the AP in the first place

I tested the attack on a 2011UiAS-2HnD with RouterOS v6.41rc44 and I've been able to crack my pre-shared key really quickly (shame on me, not a really strong password).

It would be great to get an official response from MikroTik whether RouterOS is affected by this bug (sending PMKID for PSK networks).
And what are the plans for fixing this in case RouterOS is affected?

Although most likely this attack doesn't improve cracking speed, it greatly increases attack surface (as it does not require any clients to be connected when obtaining the password hashes).

P.S. There is a duplicate post about this issue.

Please see this forum topic regarding discussed WPA2-PSK brute force attack method:

viewtopic.php?f=21&t=137838