Community discussions

 
User avatar
aacable
Member
Member
Topic Author
Posts: 422
Joined: Wed Sep 17, 2008 11:58 am
Location: ISLAMIC Republic of PAKISTAN
Contact:

Winbox Security: Password Stored in clear text format

Thu Feb 13, 2014 8:30 am

I know its not recommended to save the password in mikrotik WINBOX (as password are stored in clear text form in winbox.cfg in local pc user profile), But we HUMANS love being lazy enough or with weak memory sometimes prefer to save the password and the management PC and sometimes this PC is also shared by some other co-admins/colleagues dueto lack of resources :p
In my opinion, It could be annoying backdoor / password leak issue by WINBOX.
Mikrotik developer should really focus in this section , and encrypt the password using strong hash algorithm. I used it few months back at a friend’s admin PC to fetch the iD password with all details as showed in the image. Just imagine what will happen if it fall into wrong hands …
winbox-security-issue.png
You do not have the required permissions to view the files attached to this post.
Last edited by aacable on Thu Feb 13, 2014 8:48 am, edited 3 times in total.
_____________
Regard's

Syed Jahanzaib
Web: http://aacable.wordpress.com
Email: aacable [at] hotmail.com
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24077
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Winbox Security: Password Stored in clear text format

Thu Feb 13, 2014 8:33 am

Yes, this is true. Do not "save" passwords on a PC where you are not the only user. We are working on a new Winbox where you will be able to set a master password, that will encrypt your passwords.
No answer to your question? How to write posts
 
User avatar
aacable
Member
Member
Topic Author
Posts: 422
Joined: Wed Sep 17, 2008 11:58 am
Location: ISLAMIC Republic of PAKISTAN
Contact:

Re: Winbox Security: Password Stored in clear text format

Thu Feb 13, 2014 8:49 am

Yes, this is true. Do not "save" passwords on a PC where you are not the only user. We are working on a new Winbox where you will be able to set a master password, that will encrypt your passwords.
Good news NORMIS, & waiting for new WINBOX ... :)
_____________
Regard's

Syed Jahanzaib
Web: http://aacable.wordpress.com
Email: aacable [at] hotmail.com
 
User avatar
Ibersystems
Forum Guru
Forum Guru
Posts: 1681
Joined: Wed Apr 12, 2006 12:29 am
Location: Cabrils, Barcelona - Spain
Contact:

Re: Winbox Security: Password Stored in clear text format

Sat Feb 15, 2014 12:03 pm

Please, make posible to create subgroups of routers in winbox saved list of routers... We have the administration of hubdred of networks with thousand of routers... ITs very hard to find the correct router to enter..
Martín
martinruiz at ibersystems.es
Experto en redes WiFi y enlaces WiFi.

Facebook: @Ibersystems
Twitter: @Ibersystems

Certified in Traffic Shaping, Wireless, Internetworking, Routing and User Management.
MTCTCE - MTCWE - MTCINE - MTCUME - MTCRE
 
Adam84
newbie
Posts: 28
Joined: Mon Mar 26, 2012 8:46 pm

Re: Odp: Winbox Security: Password Stored in clear text form

Sat Feb 15, 2014 1:26 pm

Yes, this is true. Do not "save" passwords on a PC where you are not the only user. We are working on a new Winbox where you will be able to set a master password, that will encrypt your passwords.
Do u plan to add some new features (i.e. storing personal default column selection) to WinBox or just some security improvements? Will the new version work natively on linux distro's? I hope u don't wanna based it on java:)

Wysłane z Nokii 3310
 
Sob
Forum Guru
Forum Guru
Posts: 4411
Joined: Mon Apr 20, 2009 9:11 pm

Re: Odp: Winbox Security: Password Stored in clear text form

Sat Feb 15, 2014 4:30 pm

<OT>
I hope u don't wanna based it on java:)
Thanks man, that idea will be ruining my sleep every time I'll remember it. ;) But it would not make much sense anyway. Currently WinBox "just works" on Windows and Linux users have to install WINE, which they might not need for anything else, so I agree it's not as cool. With Java WinBox, everyone would have to install huge and otherwise pretty much useless Java. Doesn't sound like a progress to me.
</OT>
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.

Who is online

Users browsing this forum: No registered users and 69 guests