MikroTik Winbox up to 3.22 Configuration File settings.cfg.viw Credentials information disclosure

A vulnerability classified as problematic has been found in MikroTik Winbox up to 3.22. The issue affects an unknown function of the file settings.cfg.viw of the component Configuration File. No countermeasures are known. It may be suggested to replace the affected object with an alternative product.

Timeline

Analyzing the timeline helps to identify the required approach to, and handling of, single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that vulnerability response can be initiated immediately and issues can be prioritized.

[Charts: User, Field, Commit Conf, Approve Conf]

| ID | Committed | User | Field | Change | Remarks | Moderated | Reason | C |
|---|---|---|---|---|---|---|---|---|
| 10012594 | 04/16/2020 | VulD... | cve_nvd_summary | MikroTik WinBox 3.22 and below stores the user's cleartext password in the settings.cfg.viw configuration file when the Keep Password field is set and no Master Password is set. Keep Password is set by default and, by default Master Password is not set. An attacker with access to the configuration file can extract a username and password to gain access to the router. | mitre.org | 04/16/2020 | accepted | 100 |
| 10012593 | 04/16/2020 | VulD... | cve_assigned | 1578268800 | mitre.org | 04/16/2020 | accepted | 100 |
| 10012588 | 04/16/2020 | VulD... | cvss3_nvd_a | N | nist.gov | 04/16/2020 | accepted | 100 |
| 10012587 | 04/16/2020 | VulD... | cvss3_nvd_i | N | nist.gov | 04/16/2020 | accepted | 100 |
| 10012586 | 04/16/2020 | VulD... | cvss3_nvd_c | H | nist.gov | 04/16/2020 | accepted | 100 |
| 10012585 | 04/16/2020 | VulD... | cvss3_nvd_s | U | nist.gov | 04/16/2020 | accepted | 100 |
| 10012584 | 04/16/2020 | VulD... | cvss3_nvd_ui | N | nist.gov | 04/16/2020 | accepted | 100 |
| 10012583 | 04/16/2020 | VulD... | cvss3_nvd_pr | L | nist.gov | 04/16/2020 | accepted | 100 |
| 10012582 | 04/16/2020 | VulD... | cvss3_nvd_ac | L | nist.gov | 04/16/2020 | accepted | 100 |
| 10012581 | 04/16/2020 | VulD... | cvss3_nvd_av | L | nist.gov | 04/16/2020 | accepted | 100 |
| 10012568 | 04/16/2020 | VulD... | cvss2_nvd_ai | N | nist.gov | 04/16/2020 | accepted | 100 |
| 10012567 | 04/16/2020 | VulD... | cvss2_nvd_ii | N | nist.gov | 04/16/2020 | accepted | 100 |
| 10012566 | 04/16/2020 | VulD... | cvss2_nvd_ci | P | nist.gov | 04/16/2020 | accepted | 100 |
| 10012565 | 04/16/2020 | VulD... | cvss2_nvd_au | N | nist.gov | 04/16/2020 | accepted | 100 |
| 10012564 | 04/16/2020 | VulD... | cvss2_nvd_ac | L | nist.gov | 04/16/2020 | accepted | 100 |
| 10012563 | 04/16/2020 | VulD... | cvss2_nvd_av | L | nist.gov | 04/16/2020 | accepted | 100 |
| 10012553 | 04/16/2020 | VulD... | cwe | 260 | | 04/16/2020 | accepted | 100 |
| 10012601 | 04/16/2020 | VulD... | cvss3_nvd_basescore | 5.5 | nist.gov | 04/16/2020 | accepted | 90 |
| 10012600 | 04/16/2020 | VulD... | cvss3_vuldb_rc | X | | 04/16/2020 | accepted | 90 |
| 10012599 | 04/16/2020 | VulD... | cvss3_vuldb_rl | X | | 04/16/2020 | accepted | 90 |
