#MikroTik #CyberSecurity #CVE_2023_30799 #RouterOS #Infosec #PatchTuesday
: Attackers can determine if a username exists on a device by analyzing discrepancies in response sizes or times during login attempts.
The MikroTik RouterOS authentication bypass vulnerability is a serious issue that can have significant consequences if left unpatched. Users of MikroTik devices should take immediate action to upgrade to a patched version of RouterOS and implement additional security measures to protect their devices and networks.
Patched in April 2018; requires port 8291 to be open. CVE-2023-30799 (Privilege Escalation / "FOISted")