Good morning all,
As a quick introduction I am a senior IT consultant and have worked with WANs, CANs, and WiANs as a necessity for the several contracts I've worked on; please bare this in mind when responding.

I have purchased a hEX 5 port router as an alternative to Netgear, cisco, D-Link etc mostly because of its management tools.
Recently I have noticed something odd and wanted to reachout to the community for further guidance.

QUESTION: is there an issue with user credentials on the hEX 5port router?

CONTEXT:
Upon initial setup I changed both the Admin user name and password (duh but I see that's the first question people ask). I then go through and lock down port services to just winbox and 443. I then generate my initial SSL cert and link it to the 443 service (no port forward and should just be local ip), setup my IP ranges for my primary and subsidiary networks. I updated the router OS to 7.10 and then pointed my DNS (unbound dns resolver and DNS sync).
About 4 days later, when I attempted to login I received an error message that my connection took too long via https. Eventually the page loaded but constantly failed to login.
Frustrated I simply reset the router, changed default and and password, set up SSL, set up tables, and again locked port services to just winbox and 443 (with self signed SSL) etc, and again a few days later I was unable to login via winbox nor webfig. Frustrated I reset it again, and again and again.
I'm sort of at a loss here, I checked my winbox .cfg file (as it holds the last user name and password) to ensure I'm using the correct credentials (I was) and then I checked my DNS logs to see if there was any access into my router and subsequent network (there where none).
So I've proven I'm using the correct credentials, I see no breech has occured and yet I am constantly prevented from logging into the router.

Currently I am receiving the time out error (took too long to establish connection) and have gone so far as to remove the timeout on Firefox to retry indefinitely. But the main issue is the the hEX router seems to loose it's credentials at some point.

Has any one experienced this issue?

will be nice to know which version of routeros are you using, also the exact reference of your device

In my first post I said it's the hex 5port router the (RB750Gr3).
I also already stated I updated the OS to 7.10.......
Let's make sure to review the information before continuing.
Do you need anything? It's most likely already in the first post, but I don't mind simplifying.

There are more than 1 hEX model ... it's a family : https://mikrotik.com/products/group/ethernet-routers

The question is quite combersome to answer.

Are you sure that the problem are credentials?
Did you try MAC based logging?

Ah, yes, most were retired but I get your point: this model RB750Gr3.

My DNS logs IP, port and MAC and did not see any breeches.
Unless you meant MAC* (edited) address login then yes, I used winbox with both IP and MAC address to login. I see that I didn't identify that in my first post.

The port security was limited to an IP range in network and DNS is pointed internally for boundary control.

As for the credentials, yes the error states they are wrong, and before we jump to conclusions I created the password in vaultwarden and used winbox cfg to ensure I was using the correct credentials; Both matched and this issue has occured more than once. Specifically the past four resets (total of 15 to learn the system and test configurations) seem to suddenly loose their credentials.
I am in the process of resetting the system again, this time locking the port services to just winbox and nothing else.

The question was,is there a known issue with the hEX series user control that would invalidate the credentials? Like, moving a computer to a different physical port? Placing a switch between a previously connected computer and the router? Is there a default limit or ban in place?

The answer to the last question is: No. AFAIK there are no known problems with these particular models.

Any idea what could cause the issue?

Okay I've just replicated the problem. It looks like the user authentication fails if you start moving the physical ports around.
I changed the default admin user and password but disconnected it from the Internet so I could simplify the login credentials. Everything seemed to be fine until I started moving the ports, placing switches in-between the router and computers and altering the IP addresses.
Has this behavior been seen? Can any one else confirm?
Any idea how I should go about scanning the router OS to make sure I'm not compromised or something?

Do you have Winbox access properly enabled for TCP or MAC on all ports or only for WAN or LAN?
https://help.mikrotik.com/docs/display/ROS/MAC+server

Winbox was left as default, but all other services where disabled
I'm my prior renditions I limited access to the default LANip range and before that I used MAC filtering. With each issue I reduced the settings.

As a side note I noticed that enabling multiple hashing algorithms contributed to time out sessions. In case any one experienced this issue. Work around was to just level default group and create separate groups based on desired algorithms individually. Sorry no catch all for the 5port.

Good morning all,
After recreating the problem, i re-established my configurations and backed them up directly on-board in case the issue arises again and i have to reset the system.

Current configuration for Port Services is to lock down the Access to LAN and specify any static systems; in my case i run Unbound/Searx/Mail server all from a SBC and since it has both GUI and SSH functions (dabian) i added its static IP to the Addresses list of the Service(s) as well as adding a Self Signed SSL for 443 Which i will make another post for later on.

At the moment, i do not see many others experiencing this issue and will likely close this thread until the issue occurs en mass; Or I experience it again and am able to provide further details.
Thank you again for the assistance though this seemed to be an exercise in futility