System login

I upgraded my Routerboard to v7.15. After the update, a new login was created automatically, username: System, so I cannot access it as admin with full rights. Please suggest the System login password if possible.

Very strange. Did this really happen right after the update?

Yes

I haven’t encountered this. None of my updated routers have the “System” user. The first thing that came to mind was that the router was compromised.

There was far too little information provided. Did the “admin” group exist before the upgrade? Could you still log in with the “admin” user before the upgrade? What version was it before the upgrade? Was the user list actually checked before the upgrade?

please suggest System login password if possible

wtf? Even though you are a MikroTik trainer, you are asking such a question?

If you click on the group tab, what's the difference between full and admin?

I would probably try to extract the current config and then import it back with “keep-users=no” (don't forget to add a custom user to your rsc file).

Doing a fresh netinstall is probably a safer bet to just wipe the device.

Before the upgrade, there was no system user or admin group, but after the update it's happening.

I think it’s worth writing to support@mikrotik.com and clarifying whether such a user could appear after the update, because at first glance it looks like the router is hacked.

There is no possibility of a hack, because I have not connected to the WAN side yet; I just opened the box and upgraded.

Can be compromised from LAN side as well…

It must be compromised, or you ran some custom scripts which created this user/group and changed the existing group of admin with your upgrade or something.

Only a laptop is connected to the router.

Is there a solution for this issue?
It happened to me. During the first installation of CHR on a DigitalOcean Droplet, there are two default users: ‘System’ in the ‘full’ group and ‘admin’ in the ‘admin’ group. The ‘admin’ user cannot access Telnet, created scripts are not working, and the API service cannot be used.

It was probably exposed with a public IP during installation and they hacked it. Happened to me too.

Username: admin
password:

?

Good morning all

We have a router doing this as well this morning! RouterOS 6.49.15. Was in service at the time on a customer’s site. I suspect it has been pwned somehow! Hardware is a hEX (mmips). Firmware also 6.49.15. A strong password was used and IP management restricted to LAN and a small range of trusted external addresses!

I had the same issue. It was the API service that wasn't turned off; someone hacked in and did the same thing.

Same here! New installation on AWS, I can’t do anything because I don’t have the “system” password.

I have the same issue with 3 devices: 2 hex and one CCR2004-12G

http://forum.mikrotik.com/t/device-got-hacked-1-min-after-connected-to-internet/178933/1

Same stuff via API.
MikroTik, please react! This is common.