BayTech RPC-3 Telnet Daemon Remote Authentication Bypass

critical Nessus Plugin ID 17663

Synopsis

The remote TELNET server is affected by an authentication bypass flaw.

Description

The remote host is running a version of Bay Technical Associates RPC3 TELNET Daemon that lets a user bypass authentication by sending a special set of keystrokes at the username prompt. Since BayTech RPC3 devices provide remote power management, this vulnerability enables an attacker to cause a denial of service, shut down the device itself as well as any connected devices.

Solution

None at this time. Filter incoming traffic to port 23 on this device.

See Also

https://marc.info/?l=bugtraq&m=111230568025271&w=2

Plugin Details

Severity: Critical

ID: 17663

File Name: baytech_rpc3_telnetd_auth_bypass.nasl

Version: 1.17

Type: remote

Published: 4/1/2005

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 3/31/2005

Reference Information

CVE: CVE-2005-0957

BID: 12955