MikroTik Winbox 3.20 and below is vulnerable to man in the middle attacks. A man in the middle can downgrade the client's authentication protocol and recover the user's username and MD5 hashed password.
Published January 15, 2020.
Mikrotik Routeros
Mikrotik Winbox