After upgrade to 6.43 winbox can't login , always same error "Wrong Username or Password"

So I reset to factory default, I setup my backup and everything was working OK. but after few days I got same issue. Can't login.

I tried with many winbox versions but always same result.

do you know what is happening here?

Thanks you.

Winbox 3.18 just released.
viewtopic.php?f=21&t=139189

Have you tried that version?

Hi,

I´m heaving same issues with a few installations since ros6.42, i am unable to login with both of our usernames.

"Wrong Username or Password"

Same issue with winbox 3.18...

Any help ?

Did you try to log in with SSH/Telnet/Webfig also?

Did you try to log in with SSH/Telnet/Webfig also?

SSH is disabled and telnet "connection refused". local or remotely.

Best regards

RB3011 running 6.40.9, 2 days ago recieved "wrong username or password" in winbox. User is not "admin", password is strong enough. LCD touch was disabled.
A crack - i think, than netinstall, 6.43, total reconfig (had no backups)... and today i recived the same message "wrong username or password". All services, exept winbox, are disabled. Winbox is allowed from internal network and for 1 external IP (my work). LCD is workind, i can reset config, but what a hell is going on?
Is it a issue or open gate for hack?

RB3011 running 6.40.9, 2 days ago recieved "wrong username or password" in winbox. User is not "admin", password is strong enough. LCD touch was disabled.
A crack - i think, than netinstall, 6.43, total reconfig (had no backups)... and today i recived the same message "wrong username or password". All services, exept winbox, are disabled. Winbox is allowed from internal network and for 1 external IP (my work). LCD is workind, i can reset config, but what a hell is going on?
Is it a issue or open gate for hack?

Did you use the same credentials that you had on the router before you upgraded to 6.40.9? Attackers were harvesting router credentials for months before the vulnerability was discovered in April of 2018. If you configured the same credentials in use prior to upgrading to 6.40.9, your credentials are probably compromised.

Did you use the same credentials that you had on the router before you upgraded to 6.40.9? Attackers were harvesting router credentials for months before the vulnerability was discovered in April of 2018. If you configured the same credentials in use prior to upgrading to 6.40.9, your credentials are probably compromised.

I'm not a mikrotik master, but i have enough brains to change my credentials after hacking.

I'm not a mikrotik master, but i have enough brains to change my credentials after hacking.

Have you tried Winbox 3.18? There's a potential fix there. I just realized you aren't the OP. The OP tried 3.18, but you haven't said you tried it.

Winbox 3.18 also was tried. No results.

Any news? I've got the same issue also ....

RB951
Upgraded to 6.40.9 two weeks ago (was attacked by mining scrypt), next days logon was successful, last successful connect was Sep 11, but now "Wrong user or password .."
Tried Winbox 3.11, 3.14, 3.18 - all negative.

Unfortunately - all impacted routers are on remote sites ...

Any ideas ? How to restore access to routers without send it from remote to local office ?

I had update my RB951Ui-2HnD to ver. 6.42.7, and now not login "ERROR: wrong username or password".
Winbox 3.18 ver. not solved issue.

Any news? I've got the same issue also ....

RB951
Upgraded to 6.40.9 two weeks ago (was attacked by mining scrypt), next days logon was successful, last successful connect was Sep 11, but now "Wrong user or password .."
Tried Winbox 3.11, 3.14, 3.18 - all negative.

Unfortunately - all impacted routers are on remote sites ...

Any ideas ? How to restore access to routers without send it from remote to local office ?

I have same issue, and also RB951

As i've got understood, versions below 6.43 are compromised for attack. I've had to upgrade to 6.43 and total reconfig (because backup files aslo send message about wrong password, btw they were written without any password at all).

As i've got understood, versions below 6.43 are compromised for attack. I've had to upgrade to 6.43 and total reconfig (because backup files aslo send message about wrong password, btw they were written without any password at all).

As far as I saw - in 6.40.9 also has fixes for security issues ....

Anyway, how did you upgrade to 6.43 ? Via NetInstall ? With clearing config ?

6.40.9 was hacked after 2 days after update (14 sept). Winbox port was opened for internal network and only for 1 external IP (my work). All other services were disabled. Firewall rules protected as usual.
After "wrong username or password" i could reset configuration via LCD. After update 6.43: the oldest backup, that i could restore, had made device unuccessable vai all protocols.
So i had to unpack all my knowledge i hadn't been use for 2 years and reconfig about 40 routes, 6 pptp clients, xx firewall, mangles, nat, etc... fuck them all... Backup every 10 minutes and try to restore this backup file to be sure it can be restored. About 6 hours of sex...
6.43 is living now about 40 hours.

Good day!
hacking being asked, but (unfortunately)
installed 6.43, got " wrongusername..."
've reset the configuration, restore configuration,
entered a new user and password.
Set a limit on the connection "winbox" by IP
it took 5 days
I try to connect "winbox".... getting " wrongusername..."

winbox version 3.18 also does not help.

To restore all of course not for long.... the question is for how long...

Besides changing passwords, are there any other recommendations?

Good day!
hacking being asked, but (unfortunately)
installed 6.43, got " wrongusername..."
've reset the configuration, restore configuration,
entered a new user and password.
Set a limit on the connection "winbox" by IP
it took 5 days
I try to connect "winbox".... getting " wrongusername..."

winbox version 3.18 also does not help.

To restore all of course not for long.... the question is for how long...

Besides changing passwords, are there any other recommendations?

Netinstall 6.43.2 on the device with no configuration and start from scratch. Do no copy paste old backup or export lines as the virus changed many things.

Best Regards

The further, the more the impression is created that the firmware of the router turns into one big hole, the hole from the ass.
And in order to somehow protect the router from attacks, you need to write 100500 rules to plug all possible holes.
Mikrotik, are you serious?

Suggestion by @spacemind might not be the best. I'd start from default setup, which has decent firewall rules (20 or so, definitely much less than 100500) that protect RB from attacks originating from internet. And then proceed with adding necessary changes according to needs. Definitely avoid all those youtube tutorials unless you know what you're doing (but then you don't need them).

Recovery of hacked router should be taken as (not so) great opportunity to reconsider past decissions ... as they quite obviously weren't all that great.

I'm not a MT veteran, I'm using RBs for 2.5 years. I have a gut feeling though that default FW filter rules did evolve during this time, but I won't bet on this ... I don't vouch for whatever I did at that time
But when ROS is upgraded on a device, its configuration is not changed (unless there's some architectural change). So newer, safer, default FW rules never apply to old device unless admin does it by hand.

I think it has easy answer. Mikrotik has been hacked. Everyone thought it was an strong system. but now, at least for me. 5 of 21 machine have no access. ( Strong password, strong firewall rules ).

heya, I go connection refused on port 80 and 443, only telnet is working, I wonder if this is a hack or just a malfunction, /ip system web & ssh is enabled, please could someone tell me how to check this correctly, tomorrow I am on the site, thanks

i guess a reboot solved the topic, or i cannot remember but for me i don't need help anymore in this topic, thank you

I encountered the same problem when I upgraded my RB os from v6.49 to v7.2. I tried to reset it but it didn't work for me. What worked for me was downloading the latest version of winbox. You could try that too.