Where are username and password saved in mikrotik cache, I'm not talking about username/passwords that have already created by admin like hotspot users or pppoe users, I'm saying that if somebody use wrong username/password, how do I know what credentials he is trying to use to login ?
Thanks,
Re: username and password ?
Such information is not saved.
-
-
JP_Wireless
Member Candidate
- Posts: 276
- Joined:
- Location: Lagos Nigeria
- Contact:
Re: username and password ?
Why is it that an Administrator of Mikrotik cannot see the user password?
For example, I have MT user's login as admin1, with full right, admin2, with limited privilage. admin2 forgot or change his password and i need to know it, how do i findout apart from changing it after I login as admin1?
For example, I have MT user's login as admin1, with full right, admin2, with limited privilage. admin2 forgot or change his password and i need to know it, how do i findout apart from changing it after I login as admin1?
Re: username and password ?
Why not possible, I think it can be, because there's login page and there's username Form and password Form when you write user/pass into Form and submit these credentials send to Server for checking But I think they're encrypted they're not in clear text, although encrypted text must be reveal to admin.
Re: username and password ?
It's generally not a common practice, and actually a rather stupid one, to store a user password in plain text. The most common method is the user password is hashed with a salted MD5 and compared to the stored hash in the system.
It seems most systems are going to SHA-256 now instead of MD5 because it increases the difficulty of bruteforcing hashes if someone happens to get the database. It still doesn't solve the problem of weak passwords but the increased computation time slows down the process.
An administrator should never be able to see a user password. They should be able to reset it or change it, but never see the value. The human creature is a lazy animal, they'll reuse passwords rather than create new ones for each site. The hashing system protects the users from dishonest administrators.
It seems most systems are going to SHA-256 now instead of MD5 because it increases the difficulty of bruteforcing hashes if someone happens to get the database. It still doesn't solve the problem of weak passwords but the increased computation time slows down the process.
An administrator should never be able to see a user password. They should be able to reset it or change it, but never see the value. The human creature is a lazy animal, they'll reuse passwords rather than create new ones for each site. The hashing system protects the users from dishonest administrators.
Re: username and password ?
Short note, such information is not available too (in plain text).
Re: username and password ?
Any way user and passwords can be sniffed during users login, I got many user/pass by this method remotely I'm doing a hacking techniques to got user/pass in clear text, even you are not Admin you are normal user you can figure the users credentials, that's why I always say Mikrotik is hackable ! 
Re: username and password ?
I doubt you can get SSH and encrypted Winbox passwords easily.
Anyway for paranoid security, it is always possible to setup IPSec/other tunnel access to router and block everything is possible in firewall to protect from guys like ahang
Anyway for paranoid security, it is always possible to setup IPSec/other tunnel access to router and block everything is possible in firewall to protect from guys like ahang
Re: username and password ?
I doubt you can get SSH and encrypted Winbox passwords easily.
Anyway for paranoid security, it is always possible to setup IPSec/other tunnel access to router and block everything is possible in firewall to protect from guys like ahang
Thanks for being aware from guys like me ! lol