Hi everyone,

Please scour your routers for dodgy accounts in ppp secrets.

One of our extremely secure routers running ROS 6.41.2 has been compromised by what I believe must be a security vulnerability. This router has brute-force protection and ridiculous passwords which would have made brute-forcing it impossible.

A VPN account was created with username iam and password iam. This account was also used... It set its local address to 8.8.8.8 and remote address to 8.8.4.4. service=any and profile=default

I have submitted a supout to Mikrotik so hopefully they can investigate this and get to the bottom of this so that all routers can be patched.

Thanks, seems I underestimated that issue. When I read that it

!) winbox - fixed vulnerability that allowed to gain access to an unsecured router;

it did not seem like such a big deal as my routers were "secured", but clearly that was not the meaning of that line. It would have been better if it had read "fixed vulnerability that allows unauthenticated users to download the login details and gain full access to any Mikrotik router running the affected versions of ROS".

Agreed.