elnota
just joined
Topic Author
Posts: 2
Joined: Mon Dec 23, 2019 5:42 pm

"dude" and "read" privileges allow you to see/use other user/passwords?

Mon Dec 23, 2019 6:00 pm

Hello everyone!

We want to provide our "not technical" staff with an overview of the network status using The Dude. For that I created a custom "DudeViewOnly" user with just "dude" and "read" privileges. So now I can log in using that user and view the network map, and if I try to change anything in the map I get an error. That's good!

The problem is that the "DudeViewOnly" user has access to the [Device.UserName] and [Device.Password] of all my devices through the Tools, having in fact full control of the network. For instance, it's possible to launch Winbox using the following tool, with the full privileges user:

%HOMEPATH%\Desktop\winbox.exe [Device.FirstAddress] [Device.UserName] [Device.Password]

Please note that the user only has "dude" and "read" privileges enabled. "sensitive" is not enabled.

I'm using The Dude 6.45.7.

Is this a security flaw or a misunderstanding on my side? How can I make the user just able to see the map and that's all?

Thanks in advance!
