This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.
It is possible to log into the remote host using telnet without
supplying any credentials.
An authentication bypass vulnerability exists in the MIT krb5 telnet
daemon due to a failure to sanitize malformed usernames. This allows
usernames beginning with '-e' to be interpreted as a command-line flag
by the login.krb5 program. A remote attacker can exploit this, via a
crafted username, to cause login.krb5 to execute part of the BSD
rlogin protocol, which in turn allows the attacker to login with an
arbitrary username without a password or any further authentication.
See also :
Apply the fixes described in MIT krb5 Security Advisory 2007-001, or
contact your vendor for a patch.
Risk factor :
High / CVSS Base Score : 7.6
CVSS Temporal Score : 6.6
Public Exploit Available : true