Community discussions

MikroTik App
 
wpio
just joined
Topic Author
Posts: 3
Joined: Wed Jun 08, 2016 12:12 am

Winbox says Wrong User Name or Password (RB750GL)

Wed Jun 08, 2016 12:22 am

Had it happen on two units. After using them for some time, all of a sudden I can't log in through WinBox. And....I never change the factory default name on these RB750's and have always left password blank.

Is my only choice to reset and lose all data? Or can someone tell me what the cause and cure for this is. It's a terrible bug, unless there's something I'm missing. Thanks all. Randy.
 
User avatar
k6ccc
Long time Member
Long time Member
Posts: 602
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)

Re: Winbox says Wrong User Name or Password (RB750GL)

Wed Jun 08, 2016 2:54 am

Can you log into the router via http, ssh, or ftp? That would confirm if the router changed password.

And you did back up the config regularly - right?
RB750Gr3, RB750r2, CRS326-24G-2S (in SwitchOS), CSS326-24G-2S, CSS106-5G-1S, RB260GS
Not sure if I beat them in submission, or they beat me into submission

Warning: I know enough to be dangerous...

Jim
 
jarda
Forum Guru
Forum Guru
Posts: 7763
Joined: Mon Oct 22, 2012 4:46 pm

Re: Winbox says Wrong User Name or Password (RB750GL)

Wed Jun 08, 2016 7:50 am

Maybe someone knows the defaults and logged in and changed the password. Your bad luck. There are some things you must do when unpacking the router out of the box. Creating new admin user with nonstandard name and with a password together with deletion of standard admin user is one of them.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24745
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Winbox says Wrong User Name or Password (RB750GL)

Wed Jun 08, 2016 12:45 pm

I never change the factory default name on these RB750's and have always left password blank.
big, big mistake. please never do that. it is one of the most basic things to do - change your password immediately after unpacking the device. do it while device is only connected to your PC, so that nobody from LAN can do it before you.
No answer to your question? How to write posts
 
wpio
just joined
Topic Author
Posts: 3
Joined: Wed Jun 08, 2016 12:12 am

Re: Winbox says Wrong User Name or Password (RB750GL)

Thu Jun 09, 2016 10:13 pm

Can you log into the router via http, ssh, or ftp? That would confirm if the router changed password.
Tried http://192.168.10.1 to get into the router from browser. No luck.

Are you saying there's an ftp server in the router?
And you did back up the config regularly - right?
No. But I will, however does that allow a recovery of the profile I made? Seems it's just to keep in memory what you're doing in that session. If I reset to factory, a saved config wouldn't be available would it? I'm learning.
 
wpio
just joined
Topic Author
Posts: 3
Joined: Wed Jun 08, 2016 12:12 am

Re: Winbox says Wrong User Name or Password (RB750GL)

Thu Jun 09, 2016 10:17 pm

Maybe someone knows the defaults and logged in and changed the password.
Do you mean from the web? No one in this room has access to the RB750GL but me. FWIW, it is connected to a static/public IP from Brighthouse (AKA Charter Communications).

Only one device is connected to the router: a laptop. Ports 8000 and 5900 are used for streaming and VNC respectively. Perhaps I'm a sitting duck.
 
User avatar
k6ccc
Long time Member
Long time Member
Posts: 602
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)

Re: Winbox says Wrong User Name or Password (RB750GL)

Fri Jun 10, 2016 5:28 pm

Unless you added a firewall rule to prevent it, you left a router on a public IP that will respond on port 80 with the factory default ID and no password?  To make it worse, the login page identifies what type of equipment that is responding so even if a hacker does not happen to know the default password, a fast google search will give the answer.

I would put money that you got hacked.  Reset it and start over....

For a little security, do these three steps:
Change the default ID AND password,
Add a firewall rule that blocks access to the router from the internet,
Change the services ports so you have to use a non-standard port to access the router.
BTW, that's just the first steps, but can be done in about 30 seconds....
RB750Gr3, RB750r2, CRS326-24G-2S (in SwitchOS), CSS326-24G-2S, CSS106-5G-1S, RB260GS
Not sure if I beat them in submission, or they beat me into submission

Warning: I know enough to be dangerous...

Jim
 
makp
newbie
Posts: 34
Joined: Thu Apr 28, 2016 12:21 pm

Re: Winbox says Wrong User Name or Password (RB750GL)

Sat Jun 11, 2016 12:29 pm

Mikrotik RouterOS
[hr]
CVE-2016-85005
A long standing problem in the Mikrotik RouterOS is the default username and password. All versions including the 6.34 release have default user of “admin” with no password. While some folks change this, many devices are compromised within the first few hours of it being put on line. During our tests, a device with the username “admin” and no password was compromised within 15 minutes and had 9 unique pieces of malware running within 20 minutes. While not having a password can be helpful for initial setup, it should not be allowed to complete setup nor allow SSH access without a password.
http://blog.cari.net/carisirt-defaultin ... -security/
 
jarda
Forum Guru
Forum Guru
Posts: 7763
Joined: Mon Oct 22, 2012 4:46 pm

Re: Winbox says Wrong User Name or Password (RB750GL)

Sat Jun 11, 2016 1:40 pm

What malware was running on your mikrotik device?

Who is online

Users browsing this forum: vasilevdim and 58 guests