N/A

An issue was discovered in the Winbox service of MikroTik RouterOS long-term release v6.43.13 through v6.49.13 and stable v6.43 through v7.17.2. A patch is available in the stable release v6.49.18. A discrepancy in response size between connection attempts made with a valid username and those with an invalid username allows attackers to enumerate for valid accounts.

N/A

N/A

MikroTik RouterOS 安全漏洞

MikroTik RouterOS是拉脱维亚MikroTik公司的一套基于Linux开发的路由器操作系统。该系统可部署在PC中，使其提供路由器功能。 MikroTik RouterOS v6.43版本至v7.16.1版本存在安全漏洞，该漏洞源于使用有效用户名和无效用户名进行的连接尝试之间的响应时间存在差异，可能导致攻击者可以枚举有效帐户。

N/A

N/A