There are definitely ways like deauth all clients, grab hash and try to crack it; or evil twin attack.