Good morning, some devices with the 6.43.2 software do not allow me to log in.
The credentials are correct; in case of error I receive the error “Authentication failed”, whereas with the right user/pass the process goes into timeout.
The problem occurs with Winbox, telnet and SSH alike.
The MikroTik works, but I cannot access it (even locally via MAC address).
These devices are configured to remotely download the configuration (and they do), so I can pass commands. But I have no idea what the problem may be.
I tried to add a user but it has the same problem.
This happened to several auto-updating RB2011s that I have when they went to the latest bugfix version a few weeks back. The router wouldn’t pass traffic, I couldn’t log in. MAC address connection from Winbox wasn’t working and nmap showed only 1723 and 443 as open ports. Curiously this didn’t happen to other routers that had a single switch chip. So I guess it’s related to the hardware offloading in the newest version but I didn’t figure out how to upgrade these units safely. I had to back up, upgrade and restore selected parts of the config.
Assuming you’re using Winbox, make sure you’re using the latest version (as of today 3.18). There was a recent issue with logging in under certain circumstances.
For any public-facing devices that were publicly-accessible prior to April 2018, did you change all your credentials after the Winbox vuln (https://blog.mikrotik.com/security/winbox-vulnerability.html) was patched? If not, it’s quite possible your creds were swiped back then and they’re now getting around to using them.
The Winbox version is 3.18, the ports are open because the device responds via ssh / telnet / web / winbox.
The device also recognizes the correct credentials, but fails to complete the login procedure.
We cannot understand what rule can cause this problem.
I’d suggest posting your firewall config. If you have some kind of blacklisting set of rules, you could very well be hitting them and blocking your own access after a few packets. That’s just a thought off the top of my head.
As he says that wrong credentials result in error while proper credentials result in a timeout, I don’t think it is connectivity or firewall related. So netinstall may be the only option.