Community discussions

MikroTik App
 
essides
newbie
Topic Author
Posts: 29
Joined: Fri Mar 10, 2017 6:18 pm
Location: Murcia ( Spain )

Can't Log in After Upgrade

Fri Sep 14, 2018 1:58 pm

After upgrade to 6.43 winbox can't login , always same error "Wrong Username or Password"

So I reset to factory default, I setup my backup and everything was working OK. but after few days I got same issue. Can't login.

I tried with many winbox versions but always same result.

do you know what is happening here?

Thanks you.
 
proximus
Member Candidate
Member Candidate
Posts: 113
Joined: Tue Oct 04, 2011 1:46 pm

Re: Can't Log in After Upgrade

Fri Sep 14, 2018 2:20 pm

Winbox 3.18 just released.
viewtopic.php?f=21&t=139189

Have you tried that version?
 
spacemind
Member Candidate
Member Candidate
Posts: 111
Joined: Mon Jul 07, 2008 8:33 pm

Re: Can't Log in After Upgrade

Fri Sep 14, 2018 2:32 pm

Hi,

I´m heaving same issues with a few installations since ros6.42, i am unable to login with both of our usernames.

"Wrong Username or Password"

Same issue with winbox 3.18...

Any help ?
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24608
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Can't Log in After Upgrade

Fri Sep 14, 2018 2:40 pm

Did you try to log in with SSH/Telnet/Webfig also?
No answer to your question? How to write posts
 
spacemind
Member Candidate
Member Candidate
Posts: 111
Joined: Mon Jul 07, 2008 8:33 pm

Re: Can't Log in After Upgrade

Fri Sep 14, 2018 4:48 pm

Did you try to log in with SSH/Telnet/Webfig also?
SSH is disabled and telnet "connection refused". local or remotely.

Best regards
 
parrot
just joined
Posts: 7
Joined: Fri Oct 11, 2013 5:49 pm

Re: Can't Log in After Upgrade

Fri Sep 14, 2018 5:40 pm

RB3011 running 6.40.9, 2 days ago recieved "wrong username or password" in winbox. User is not "admin", password is strong enough. LCD touch was disabled.
A crack - i think, than netinstall, 6.43, total reconfig (had no backups)... and today i recived the same message "wrong username or password". All services, exept winbox, are disabled. Winbox is allowed from internal network and for 1 external IP (my work). LCD is workind, i can reset config, but what a hell is going on?
Is it a issue or open gate for hack?
 
tippenring
Member Candidate
Member Candidate
Posts: 243
Joined: Thu Oct 02, 2014 8:54 pm
Location: St Louis MO
Contact:

Re: Can't Log in After Upgrade

Fri Sep 14, 2018 5:52 pm

RB3011 running 6.40.9, 2 days ago recieved "wrong username or password" in winbox. User is not "admin", password is strong enough. LCD touch was disabled.
A crack - i think, than netinstall, 6.43, total reconfig (had no backups)... and today i recived the same message "wrong username or password". All services, exept winbox, are disabled. Winbox is allowed from internal network and for 1 external IP (my work). LCD is workind, i can reset config, but what a hell is going on?
Is it a issue or open gate for hack?
Did you use the same credentials that you had on the router before you upgraded to 6.40.9? Attackers were harvesting router credentials for months before the vulnerability was discovered in April of 2018. If you configured the same credentials in use prior to upgrading to 6.40.9, your credentials are probably compromised.
 
parrot
just joined
Posts: 7
Joined: Fri Oct 11, 2013 5:49 pm

Re: Can't Log in After Upgrade

Fri Sep 14, 2018 6:58 pm

Did you use the same credentials that you had on the router before you upgraded to 6.40.9? Attackers were harvesting router credentials for months before the vulnerability was discovered in April of 2018. If you configured the same credentials in use prior to upgrading to 6.40.9, your credentials are probably compromised.
I'm not a mikrotik master, but i have enough brains to change my credentials after hacking.
 
tippenring
Member Candidate
Member Candidate
Posts: 243
Joined: Thu Oct 02, 2014 8:54 pm
Location: St Louis MO
Contact:

Re: Can't Log in After Upgrade

Fri Sep 14, 2018 8:12 pm

I'm not a mikrotik master, but i have enough brains to change my credentials after hacking.
Have you tried Winbox 3.18? There's a potential fix there. I just realized you aren't the OP. The OP tried 3.18, but you haven't said you tried it.
 
parrot
just joined
Posts: 7
Joined: Fri Oct 11, 2013 5:49 pm

Re: Can't Log in After Upgrade

Fri Sep 14, 2018 8:47 pm

Winbox 3.18 also was tried. No results.
 
FatRat
just joined
Posts: 3
Joined: Wed May 29, 2013 3:19 pm

Re: Can't Log in After Upgrade

Tue Sep 18, 2018 1:46 pm

Any news? I've got the same issue also ....

RB951
Upgraded to 6.40.9 two weeks ago (was attacked by mining scrypt), next days logon was successful, last successful connect was Sep 11, but now "Wrong user or password .."
Tried Winbox 3.11, 3.14, 3.18 - all negative.

Unfortunately - all impacted routers are on remote sites ...

Any ideas ? How to restore access to routers without send it from remote to local office ?
 
ecoli
just joined
Posts: 2
Joined: Tue Sep 18, 2018 4:06 pm

Re: Can't Log in After Upgrade

Tue Sep 18, 2018 4:12 pm

I had update my RB951Ui-2HnD to ver. 6.42.7, and now not login "ERROR: wrong username or password".
Winbox 3.18 ver. not solved issue.
 
ecoli
just joined
Posts: 2
Joined: Tue Sep 18, 2018 4:06 pm

Re: Can't Log in After Upgrade

Tue Sep 18, 2018 4:30 pm

Any news? I've got the same issue also ....

RB951
Upgraded to 6.40.9 two weeks ago (was attacked by mining scrypt), next days logon was successful, last successful connect was Sep 11, but now "Wrong user or password .."
Tried Winbox 3.11, 3.14, 3.18 - all negative.

Unfortunately - all impacted routers are on remote sites ...

Any ideas ? How to restore access to routers without send it from remote to local office ?
I have same issue, and also RB951
 
parrot
just joined
Posts: 7
Joined: Fri Oct 11, 2013 5:49 pm

Re: Can't Log in After Upgrade

Tue Sep 18, 2018 7:31 pm

As i've got understood, versions below 6.43 are compromised for attack. I've had to upgrade to 6.43 and total reconfig (because backup files aslo send message about wrong password, btw they were written without any password at all).
 
FatRat
just joined
Posts: 3
Joined: Wed May 29, 2013 3:19 pm

Re: Can't Log in After Upgrade

Tue Sep 18, 2018 7:53 pm

As i've got understood, versions below 6.43 are compromised for attack. I've had to upgrade to 6.43 and total reconfig (because backup files aslo send message about wrong password, btw they were written without any password at all).
As far as I saw - in 6.40.9 also has fixes for security issues ....

Anyway, how did you upgrade to 6.43 ? Via NetInstall ? With clearing config ?
 
parrot
just joined
Posts: 7
Joined: Fri Oct 11, 2013 5:49 pm

Re: Can't Log in After Upgrade

Tue Sep 18, 2018 8:30 pm

6.40.9 was hacked after 2 days after update (14 sept). Winbox port was opened for internal network and only for 1 external IP (my work). All other services were disabled. Firewall rules protected as usual.
After "wrong username or password" i could reset configuration via LCD. After update 6.43: the oldest backup, that i could restore, had made device unuccessable vai all protocols.
So i had to unpack all my knowledge i hadn't been use for 2 years and reconfig about 40 routes, 6 pptp clients, xx firewall, mangles, nat, etc... fuck them all... Backup every 10 minutes and try to restore this backup file to be sure it can be restored. About 6 hours of sex...
6.43 is living now about 40 hours.
 
vsh2007
just joined
Posts: 1
Joined: Wed Sep 19, 2018 2:52 pm

Re: Can't Log in After Upgrade

Wed Sep 19, 2018 3:11 pm

Good day!
hacking being asked, but (unfortunately)
installed 6.43, got " wrongusername..."
've reset the configuration, restore configuration,
entered a new user and password.
Set a limit on the connection "winbox" by IP
it took 5 days
I try to connect "winbox".... getting " wrongusername..."

winbox version 3.18 also does not help.

To restore all of course not for long.... the question is for how long...

Besides changing passwords, are there any other recommendations?
 
spacemind
Member Candidate
Member Candidate
Posts: 111
Joined: Mon Jul 07, 2008 8:33 pm

Re: Can't Log in After Upgrade

Fri Sep 21, 2018 8:48 pm

Good day!
hacking being asked, but (unfortunately)
installed 6.43, got " wrongusername..."
've reset the configuration, restore configuration,
entered a new user and password.
Set a limit on the connection "winbox" by IP
it took 5 days
I try to connect "winbox".... getting " wrongusername..."

winbox version 3.18 also does not help.

To restore all of course not for long.... the question is for how long...

Besides changing passwords, are there any other recommendations?
Netinstall 6.43.2 on the device with no configuration and start from scratch. Do no copy paste old backup or export lines as the virus changed many things.

Best Regards
 
parrot
just joined
Posts: 7
Joined: Fri Oct 11, 2013 5:49 pm

Re: Can't Log in After Upgrade

Fri Sep 21, 2018 9:15 pm

The further, the more the impression is created that the firmware of the router turns into one big hole, the hole from the ass.
And in order to somehow protect the router from attacks, you need to write 100500 rules to plug all possible holes.
Mikrotik, are you serious?
 
mkx
Forum Guru
Forum Guru
Posts: 4325
Joined: Thu Mar 03, 2016 10:23 pm

Re: Can't Log in After Upgrade

Fri Sep 21, 2018 9:34 pm

Suggestion by @spacemind might not be the best. I'd start from default setup, which has decent firewall rules (20 or so, definitely much less than 100500) that protect RB from attacks originating from internet. And then proceed with adding necessary changes according to needs. Definitely avoid all those youtube tutorials unless you know what you're doing (but then you don't need them).

Recovery of hacked router should be taken as (not so) great opportunity to reconsider past decissions ... as they quite obviously weren't all that great.

I'm not a MT veteran, I'm using RBs for 2.5 years. I have a gut feeling though that default FW filter rules did evolve during this time, but I won't bet on this ... I don't vouch for whatever I did at that time :wink:
But when ROS is upgraded on a device, its configuration is not changed (unless there's some architectural change). So newer, safer, default FW rules never apply to old device unless admin does it by hand.
BR,
Metod
 
essides
newbie
Topic Author
Posts: 29
Joined: Fri Mar 10, 2017 6:18 pm
Location: Murcia ( Spain )

Re: Can't Log in After Upgrade

Mon Sep 24, 2018 11:31 am

I think it has easy answer. Mikrotik has been hacked. Everyone thought it was an strong system. but now, at least for me. 5 of 21 machine have no access. ( Strong password, strong firewall rules ).
 
ant0nwax
just joined
Posts: 24
Joined: Sun Oct 21, 2018 8:47 am

Re: Can't Log in After Upgrade

Fri Nov 16, 2018 10:28 pm

heya, I go connection refused on port 80 and 443, only telnet is working, I wonder if this is a hack or just a malfunction, /ip system web & ssh is enabled, please could someone tell me how to check this correctly, tomorrow I am on the site, thanks
 
ant0nwax
just joined
Posts: 24
Joined: Sun Oct 21, 2018 8:47 am

Re: Can't Log in After Upgrade

Mon Apr 13, 2020 6:00 pm

i guess a reboot solved the topic, or i cannot remember :) but for me i don't need help anymore in this topic, thank you

Who is online

Users browsing this forum: Bing [Bot], mikruser, naudkuneha, vilpalu and 60 guests