Unencrypted Telnet Server

This script is Copyright (C) 2009-2015 Tenable Network Security, Inc.


Synopsis :

The remote Telnet server transmits traffic in cleartext.

Description :

The remote host is running a Telnet server over an unencrypted
channel.

Using Telnet over an unencrypted channel is not recommended as logins,
passwords, and commands are transferred in cleartext. This allows a
remote, man-in-the-middle attacker to eavesdrop on a Telnet session to
obtain credentials or other sensitive information and to modify
traffic exchanged between a client and server.

SSH is preferred over Telnet since it protects credentials from
eavesdropping and can tunnel additional data streams such as an X11
session.

Solution :

Disable the Telnet service and use SSH instead.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)

Family: Misc.

Nessus Plugin ID: 42263 ()

Bugtraq ID:

CVE ID: