 
Wyz4k
Member Candidate
Topic Author
Posts: 205
Joined: Fri Jul 10, 2009 10:23 am

Warning a router has been exploited - iam iam

Mon Jun 11, 2018 9:15 am

Hi everyone,

Please scour your routers for dodgy accounts in ppp secrets.

One of our extremely secure routers running ROS 6.41.2 has been compromised by what I believe must be a security vulnerability. This router has brute-force protection and ridiculous passwords which would have made brute-forcing it impossible.

A VPN account was created with username iam and password iam. This account was also used... It set its local address to 8.8.8.8 and remote address to 8.8.4.4. service=any and profile=default

I have submitted a supout to Mikrotik so hopefully they can investigate this and get to the bottom of this so that all routers can be patched.
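As an added example that is not part of the original post, the check the post asks for can be scripted over saved router exports. It assumes the text comes from a RouterOS `export` that includes the `/ppp secret` section with passwords shown; the function names and the sample export are constructed for illustration.

```python
import re

# Indicators reported in the post above; all function names are hypothetical.
REPORTED_NAME = "iam"
REPORTED_ADDRS = {"8.8.8.8", "8.8.4.4"}
FIELD = re.compile(r'([\w-]+)=("(?:\\.|[^"\\])*"|\S*)')

# Constructed sample export, not output from a real router.
SAMPLE_EXPORT = r'''/ppp profile
add name=staff local-address=10.0.0.1
/ppp secret
add name=alice password="Xk9 long passphrase" profile=staff \
    remote-address=10.0.0.10
add local-address=8.8.8.8 name=iam password=iam remote-address=8.8.4.4
/ip address
add address=192.168.88.1/24 interface=bridge
'''

def parse_ppp_secrets(export_text):
    """Return one dict of fields per 'add' line under '/ppp secret'."""
    # RouterOS wraps long export lines with a trailing backslash; rejoin them.
    text = re.sub(r"\\\r?\n\s*", "", export_text)
    secrets, in_section = [], False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            in_section = line == "/ppp secret"
        elif in_section and line.startswith("add "):
            secrets.append({k: v.strip('"') for k, v in FIELD.findall(line)})
    return secrets

def suspicious_reasons(secret):
    """List the reasons a secret resembles the account described in the post."""
    reasons = []
    name = secret.get("name", "")
    if name == REPORTED_NAME:
        reasons.append("name matches reported account")
    if name and secret.get("password") == name:
        reasons.append("password equals username")
    for key in ("local-address", "remote-address"):
        if secret.get(key) in REPORTED_ADDRS:
            reasons.append(f"{key} is {secret[key]}")
    return reasons

def audit(export_text):
    """Map secret name -> reasons, for every secret with at least one reason."""
    hits = ((s.get("name", "?"), suspicious_reasons(s))
            for s in parse_ppp_secrets(export_text))
    return {name: why for name, why in hits if why}
```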
 
Sob
Forum Guru
Posts: 5616
Joined: Mon Apr 20, 2009 9:11 pm

Re: Warning a router has been exploited - iam iam

Mon Jun 11, 2018 6:32 pm

People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply. Not intended as incentive for masochists.
 
Wyz4k
Member Candidate
Topic Author
Posts: 205
Joined: Fri Jul 10, 2009 10:23 am

Re: Warning a router has been exploited - iam iam

Tue Jun 12, 2018 3:24 pm

Thanks, seems I underestimated that issue. When I read that
!) winbox - fixed vulnerability that allowed to gain access to an unsecured router;
it did not seem like such a big deal as my routers were "secured", but clearly that was not the meaning of that line. It would have been better if it had read "fixed vulnerability that allows unauthenticated users to download the login details and gain full access to any Mikrotik router running the affected versions of ROS".
Last edited by Wyz4k on Tue Jun 12, 2018 3:41 pm, edited 1 time in total.
 
BRMateus2
Frequent Visitor
Posts: 70
Joined: Thu Oct 26, 2017 11:18 pm

Re: Warning a router has been exploited - iam iam

Tue Jun 12, 2018 3:32 pm

Agreed.
