We have an x86 install, running 6.33.5. Shortly after we updated, it began to exhibit a bizarre password behavior: periodically, the password resets to “” (blank). We can change it back, and the new password works for a while - but eventually resets back to blank!
We’ve tried:
- Changing to a new password, in case the old one had leaked and someone was messing with us.
- Disabling API access (we were using it for some internal tools, which started failing due to the password change - how we noticed this problem)
- Disabling SSH, telnet, HTTP access in case that was being used (and because having a blank password is suicidal). These are all on non-default ports, which gets rid of most bot traffic.
The box itself is running about 500 simple queues (RADIUS assigned via DHCP), a traffic shaping queue tree, and PPPoE for about 30 clients. Other than the password issue, the router is functioning really well - no complaints/problems there.
We haven’t managed to nail down exactly when this is happening. Sometimes, it is quick - sometimes it is not.
Our most recent shot in the dark is to go around making sure that everyone has updated to Winbox 3.1 (we had a few older winbox versions floating around). It’s hard to tell, but that may have helped; the password hasn’t changed in the last hour since we did that. If it did help, that’s a pretty serious bug - if an old winbox is dangerous, don’t let it login!
Update: Shortly after I posted this, the password reset to blank again.