Winbox Security: Password Stored in clear text format

I know it's not recommended to save the password in MikroTik WINBOX (as passwords are stored in clear text form in winbox.cfg in the local PC user profile), but we HUMANS love being lazy enough or with weak memory sometimes prefer to save the password on the management PC, and sometimes this PC is also shared by some other co-admins/colleagues due to lack of resources :stuck_out_tongue:

In my opinion, it could be an annoying backdoor / password leak issue by WINBOX.

MikroTik developers should really focus on this section, and encrypt the password using a strong hash algorithm. I used it a few months back at a friend’s admin PC to fetch the ID password with all details as shown in the image. Just imagine what will happen if it falls into the wrong hands …
[Image: winbox-security-issue.png]

Yes, this is true. Do not “save” passwords on a PC where you are not the only user. We are working on a new Winbox where you will be able to set a master password, that will encrypt your passwords.

Good news NORMIS, & waiting for new WINBOX … :slight_smile:

Please, make it possible to create subgroups of routers in the Winbox saved list of routers… We have the administration of hundreds of networks with thousands of routers… It's very hard to find the correct router to enter.

Do u plan to add some new features (i.e. storing personal default column selection) to WinBox or just some security improvements? Will the new version work natively on Linux distros? I hope u don’t wanna base it on Java :)

Sent from a Nokia 3310

Thanks man, that idea will be ruining my sleep every time I’ll remember it. :wink: But it would not make much sense anyway. Currently WinBox “just works” on Windows and Linux users have to install WINE, which they might not need for anything else, so I agree it’s not as cool. With Java WinBox, everyone would have to install huge and otherwise pretty much useless Java. Doesn’t sound like progress to me.

Hey Normis… it’s been 6 years. Any word on adding some security to Winbox?

I don’t remember when it was added, but there’s an option to set a master password and it will make saved sessions encrypted.

Yes, it’s been six years, like you said :smiley:

Like the above poster says, for many years you can encrypt the passwords. You must provide a decryption key (master password).