Depending on your software version, yes, that is correct. See https://blog.mikrotik.com/security/winb ... ility.htmlSo you mean they have some exploit in the device that they could gain access anytime?
Dang it. Sorry about that. I don't know why I didn't notice you were not the OP. I read your reply from the context of the OP. No wonder it didn't make sense to me.@tippenring: I'm not admin of RB trying to outsmart DNS domain admin, @alli is.
Have you tried Winbox 3.18? There's a potential fix there. I just realized you aren't the OP. The OP tried 3.18, but you haven't said you tried it.I'm not a mikrotik master, but i have enough brains to change my credentials after hacking.
You don't necessarily need to post them. Just load the before and after in notepad++ and do a compare.I'll take a look and post them without sensitive configs. Too bad I can't use the Mikrotik auto remove sensitive on saved backups.
What was different between the two configs? That's an easy thing to look at.Right now we are using the CCR that was causing the issue to pass traffic. The only thing that changed to get it to start working was to restore a config file from before the power outage.
I'll bet he/she was alluding that the OP may have a version susceptible to the credential theft bug, so the OP could simply download their creds from the router in clear text and log in.And how do you log in with a lost password??No. Or "not necessarily" anyway.Yes
Sent from Tapatalk