I have some mikrotik boards that I need to change passwords on. I don't have original passwords and can only access through the DUDE.
Actually, what can you access trough the Dude ?
SNMP data ?
or start winbox from there ?
If answer is winbox, than you can find the password.
Also for MT to read
: The passwords are stored in the dude database in CLEAR TEXT.
It helped me once, but this is a major concern.
Yes, i know, the files should be properly secured, by the os, and by the user. But, in my opinion, this is a major level of insecurity added by the Dude.
I am a big fan. It helps me keep an eye on every node of a major routed network, wich otherwise would be very hard to manage. And i am using the dude since the begining.
So, if the passwords could be encrypted in some way, with proprietary algoritm or with a secure password, than it should be fine. And just a little harder for the casual user driving by the dude db to find out all the passwords if you stored them.