The encryption scheme used by Mikrotik's Webfig terminal software as seen on the RB750GL running RouterOS version 6.18 is susceptible to offline brute force attacks that allow a third party to recover login credentials (username and password) as well as full decryption of the terminal session. Full write up and proof of concept tools are included in this archive.
d0d1affb518b37657fed9af631a57aa3813a11d020ea75cb33748ab31aba0ae0