
Winbox Security: Password Stored in clear text format

Posted: Thu Feb 13, 2014 8:30 am
by aacable
I know it's not recommended to save the password in MikroTik WINBOX (as passwords are stored in clear text form in winbox.cfg in the local PC user profile), but we HUMANS love being lazy enough, or with weak memory sometimes prefer to save the password on the management PC, and sometimes this PC is also shared by some other co-admins/colleagues due to lack of resources :p
In my opinion, it could be an annoying backdoor / password leak issue by WINBOX.
MikroTik developers should really focus on this section, and encrypt the password using a strong hash algorithm. I used it a few months back at a friend's admin PC to fetch the ID password with all details as shown in the image. Just imagine what will happen if it falls into the wrong hands …
[Image: winbox-security-issue.png]

Re: Winbox Security: Password Stored in clear text format

Posted: Thu Feb 13, 2014 8:33 am
by normis
Yes, this is true. Do not "save" passwords on a PC where you are not the only user. We are working on a new Winbox where you will be able to set a master password, that will encrypt your passwords.

Re: Winbox Security: Password Stored in clear text format

Posted: Thu Feb 13, 2014 8:49 am
by aacable
> Yes, this is true. Do not "save" passwords on a PC where you are not the only user. We are working on a new Winbox where you will be able to set a master password, that will encrypt your passwords.
Good news NORMIS, & waiting for new WINBOX ... :)

Re: Winbox Security: Password Stored in clear text format

Posted: Sat Feb 15, 2014 12:03 pm
by Ibersystems
Please make it possible to create subgroups of routers in the Winbox saved list of routers... We have the administration of hundreds of networks with thousands of routers... It's very hard to find the correct router to enter..

Re: Odp: Winbox Security: Password Stored in clear text form

Posted: Sat Feb 15, 2014 1:26 pm
by Adam84
> Yes, this is true. Do not "save" passwords on a PC where you are not the only user. We are working on a new Winbox where you will be able to set a master password, that will encrypt your passwords.
Do u plan to add some new features (i.e. storing personal default column selection) to WinBox or just some security improvements? Will the new version work natively on Linux distros? I hope u don't wanna base it on Java :)

Sent from Nokia 3310

Re: Odp: Winbox Security: Password Stored in clear text form

Posted: Sat Feb 15, 2014 4:30 pm
by Sob
<OT>
> I hope u don't wanna base it on Java :)
Thanks man, that idea will be ruining my sleep every time I remember it. ;) But it would not make much sense anyway. Currently WinBox "just works" on Windows, and Linux users have to install WINE, which they might not need for anything else, so I agree it's not as cool. With Java WinBox, everyone would have to install huge and otherwise pretty much useless Java. Doesn't sound like progress to me.
</OT>