Tenable has published a potential vulnerability in older RouterOS versions where an attacker can retrieve the password hash of a RouterOS username via a complex man-in-the-middle attack over port 8291. The attacker must be able to intercept a valid RouterOS user login attempt, so he must be located in the same network as the legitimate user.

Course of action

This issue only affects old RouterOS versions released before June 2019.

  1. Using a stong password will ensure the password hash cannot be easily decrypted, even if it is retrieved.
  2. MikroTik has already forced the use of Winbox encryption since RouterOS v6.45.x (June 2019).
  3. Make sure your device is not accessible from untrusted networks or use a secure VPN to the router, if you must access it from public spaces. Protect your device using our suggestions and use a recent RouterOS release.