Community discussions

MikroTik App
 
stormec
just joined
Topic Author
Posts: 9
Joined: Sun Aug 03, 2014 4:38 am

Upgraded to 6.49.2 - no more access - "Wrong Username or Password"

Wed Dec 22, 2021 6:56 pm

Greetings

Im running some hardware in my own private lan around my farm, and used the default admin/nopass.
Upon updating it asked me for a new password to be set. As I was doing several updates I hadnt set anything yet. Now, those credentials dont work and I havent set anything new.
error i get is "Wrong Username or Password"

Is there a new default user/pass combo I can use? or am i locked out without a password set?
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Upgraded to 6.49.2 - no more access - "Wrong Username or Password"

Wed Dec 22, 2021 7:57 pm

You're not alone: v6.49 cut me off - invalid username or password (rant)

So if you're sure that nobody got in, there's probably some bug somewhere.
 
stormec
just joined
Topic Author
Posts: 9
Joined: Sun Aug 03, 2014 4:38 am

Re: Upgraded to 6.49.2 - no more access - "Wrong Username or Password"

Wed Dec 22, 2021 8:43 pm

Yip, exact same. Private enviro, all have that issue now .....
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Upgraded to 6.49.2 - no more access - "Wrong Username or Password"

Wed Dec 22, 2021 8:48 pm

Yeah its called remove MT from the hands of those that do not change default admin and no password.
This is a feature not a bug!
 
holvoetn
Forum Guru
Forum Guru
Posts: 5403
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Upgraded to 6.49.2 - no more access - "Wrong Username or Password"

Wed Dec 22, 2021 9:10 pm

Your house needs a key to enter.
Your car needs a key to use.

Your router needs a password to keep everyone out who has no business there.

I fail to understand why people consider this a problem.
 
ConnyMercier
Forum Veteran
Forum Veteran
Posts: 724
Joined: Tue Dec 17, 2019 1:08 pm

Re: Upgraded to 6.49.2 - no more access - "Wrong Username or Password"

Wed Dec 22, 2021 9:15 pm

Your house needs a key to enter.
Your car needs a key to use.
:lol: :lol:

I used to live in Canada, i never had to lock my doors , haus or car :D


Maybe if your Router is in Canada you don`t need a password =P
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11433
Joined: Thu Mar 03, 2016 10:23 pm

Re: Upgraded to 6.49.2 - no more access - "Wrong Username or Password"

Wed Dec 22, 2021 10:51 pm

I used to live in Canada, i never had to lock my doors , haus or car :D

Maybe your car was european one and nobody was interested. And having it parked in front porch made the house uninteresting as well? :lol:
 
holvoetn
Forum Guru
Forum Guru
Posts: 5403
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Upgraded to 6.49.2 - no more access - "Wrong Username or Password"

Thu Dec 23, 2021 12:12 am

Yeah, sorry for Audi and Beamer and Merc ..
 
ConnyMercier
Forum Veteran
Forum Veteran
Posts: 724
Joined: Tue Dec 17, 2019 1:08 pm

Re: Upgraded to 6.49.2 - no more access - "Wrong Username or Password"

Thu Dec 23, 2021 12:13 am

Don`t forget Porsche and Volkswagen =)
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 2983
Joined: Mon Apr 08, 2019 1:16 am

Re: Upgraded to 6.49.2 - no more access - "Wrong Username or Password"  [SOLVED]

Thu Dec 23, 2021 12:37 am

I see 2 possible ways ...

- using an old version of WinBox can invalidate the username/password handling (I did not see from what ROS version you upgraded). e.g. ROS 6.45 changed the encryption of the password, before 6.13 it could be recovered from the config backup file, some version changed the password handshake method. Download latest WinBox version 3.31, if that is the tool you use to enter the router.
- but it probably is some "expired password" action viewtopic.php?t=181337#p898388

- recover the router by doing a factory reset.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Upgraded to 6.49.2 - no more access - "Wrong Username or Password"

Thu Dec 23, 2021 1:04 am

Don`t forget Porsche and Volkswagen =)
audi=expensive vw. ;-P
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Upgraded to 6.49.2 - no more access - "Wrong Username or Password"

Thu Dec 23, 2021 1:37 am

This is a feature not a bug!
If it's feature, it should be documented, for example:

"You are allowed to skip setting password X times, but after that the access will be blocked without any further warning. As a punishment for not setting password soon enough, you'll have to factory reset your router to access it again."

Then it would be sort of ok (well, there would be at least a small chance of being viewed as such), but it would still be really weird feature.
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 2983
Joined: Mon Apr 08, 2019 1:16 am

Re: Upgraded to 6.49.2 - no more access - "Wrong Username or Password"

Thu Dec 23, 2021 12:49 pm

As a punishment for not setting password
Is it by the number of skips, or by the time elapsed since the skip (password expired is about time, not the number of attempts)?

Strange way to deal with customers. How does the developer know the use case for these devices? I have a pocket mAP Lite, occasional technical use, without passwords. My friend has a stack of spare MT units for replacement. They are booted only for DOA checking. If it's 6..49.2, will he be locked out when the device needs to be deployed?

Prefer the OpenWRT way of doing. Keep warning on every page that the password is missing. But don't lock out the owner !

And the password printed on the outside of the Cube 60 .... :? :shock:
Klembord-2.jpg
You do not have the required permissions to view the files attached to this post.
Last edited by bpwl on Thu Dec 23, 2021 1:00 pm, edited 1 time in total.
 
msatter
Forum Guru
Forum Guru
Posts: 2897
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: Upgraded to 6.49.2 - no more access - "Wrong Username or Password"

Thu Dec 23, 2021 1:00 pm

Your house needs a key to enter.
Your car needs a key to use.
:lol: :lol:

I used to live in Canada, i never had to lock my doors , haus or car :D


Maybe if your Router is in Canada you don`t need a password =P
I can remeber those times also in to the Netherlands.
Indeed having a stick in your car deters potential thieves to steal your car in the USA. Does that also one stick, apply to Canada?

Now you have to keep everthing locked even when youareat home. Avoiding so people putting a gun to your head asking for your Bitcoin wallet.
 
holvoetn
Forum Guru
Forum Guru
Posts: 5403
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Upgraded to 6.49.2 - no more access - "Wrong Username or Password"

Thu Dec 23, 2021 1:07 pm

I have a pocket mAP Lite, occasional technical use, without passwords. My friend has a stack of spare MT units for replacement. They are booted only for DOA checking. If it's 6..49.2, will he be locked out when the device needs to be deployed?
I understand what your getting at but that would mean, assuming your mAP Lite makes auto connection to your VPN, someone getting that device into his/her hands does get access to your network as well ?
Convenience has been left outside the door already decades ago as far as security is concerned.
I have ZERO devices under my control where no password is applied if a password can be set. And bar 2 exceptions (2 "lab" devices which do not leave my home office), all unique passwords. That's what a password manager is for.
Not those yellow sticky notes on the side of a monitor ...

As for DOA replacement devices, very first thing to do once these devices get deployed, is to set a suitable password, no ?
It does not make sense to boot them only to see if they can boot ? That only increases the risk they will effectively not boot anymore (HW works like that, deteriorates every power cycle. Marginally, yes, but each cycle increases risk of failure)
 
holvoetn
Forum Guru
Forum Guru
Posts: 5403
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Upgraded to 6.49.2 - no more access - "Wrong Username or Password"

Thu Dec 23, 2021 1:11 pm

And the password printed on the outside of the Cube 60 .... :? :shock:
That's to prevent default external access.
Will be different for every device (should be).

And what's the FIRST thing to do when using such device ?
Change the password.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3291
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Upgraded to 6.49.2 - no more access - "Wrong Username or Password"

Thu Dec 23, 2021 1:14 pm

And the password printed on the outside of the Cube 60 .... :? :shock:
And good to know the password while it hanging outside of the house as well :)
 
pe1chl
Forum Guru
Forum Guru
Posts: 10194
Joined: Mon Jun 08, 2015 12:09 pm

Re: Upgraded to 6.49.2 - no more access - "Wrong Username or Password"

Thu Dec 23, 2021 2:49 pm

It is likely a preparation for the new EU directive that forbids selling devices with a blank password or fixed password.
Setting your own password during normal installation procedure is to become mandatory. Or else a password printed on the label, like shown above.
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 2983
Joined: Mon Apr 08, 2019 1:16 am

Re: Upgraded to 6.49.2 - no more access - "Wrong Username or Password"

Thu Dec 23, 2021 2:54 pm

I understand what your getting at but that would mean, assuming your mAP Lite makes auto connection to your VPN, someone getting that device into his/her hands does get access to your network as well ?
Don't worry about my password policy. And if you get your hands on my mAP Lite .... there is no password on the ethernet port :)
I hope you plug it in, so it VPN connects to my standalone TURN server (hAP Lite) and I can track you down. After that it won't be able to connect.

For the Cube the password was changed immediatly. Device is remote, everybody in that holiday resort could see the password, not me (remote) That's why I had to ask them to take that picture.

That "expired password" lockout, remains a strange way to handle things.

Can one send back a MT router in warranty one year later "because of DOA"?
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 2983
Joined: Mon Apr 08, 2019 1:16 am

Re: Upgraded to 6.49.2 - no more access - "Wrong Username or Password"

Thu Dec 23, 2021 3:07 pm

"Lockout" is almost always used in DOS attacks.

1970's : VAX/VMS "system" login can never be locked out at the physical console
1990's: Windows "administrator" is never locked by # failed attemps.

2000 ... PWC adviced me to set the number of fails before lockout on 5. It just takes minutes to bring an Intennational company in full lockdown. CCISP training (SANS) learns you to never do that.

Today ... kid played with smartphone ... " 7 years before your next login attempt can be accepted " :-)
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26317
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Upgraded to 6.49.2 - no more access - "Wrong Username or Password"

Thu Dec 23, 2021 4:14 pm

RouterOS does not change your password or lock you out, if you skip the password change box.
Maybe somebody (or malware on your PC) logged in and set it?
 
holvoetn
Forum Guru
Forum Guru
Posts: 5403
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Upgraded to 6.49.2 - no more access - "Wrong Username or Password"

Thu Dec 23, 2021 4:25 pm

"Lockout" is almost always used in DOS attacks.

1970's : VAX/VMS "system" login can never be locked out at the physical console
1990's: Windows "administrator" is never locked by # failed attemps.
2000 ... PWC adviced me to set the number of fails before lockout on 5. It just takes minutes to bring an Intennational company in full lockdown. CCISP training (SANS) learns you to never do that.
Today ... kid played with smartphone ... " 7 years before your next login attempt can be accepted " :-)
There is difference between "NO password" and "# of attempts".
The former is a no-no in my view.
The latter is obviously not something you want on an admin account (or someone can effectively lock you out, not even trying to know the password).
Those incremental time-locks is also a thing which needs to be applied carefully and/or they should not increment eternally. Like on a smartphone ;)
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 2983
Joined: Mon Apr 08, 2019 1:16 am

Re: Upgraded to 6.49.2 - no more access - "Wrong Username or Password"

Thu Dec 23, 2021 4:27 pm

Excellent news ! @Normis

Who is online

Users browsing this forum: Amazon [Bot] and 23 guests