BayTech RPC-3 Telnet Daemon Remote Authentication Bypass

Critical Nessus Plugin ID 17663


The remote TELNET server is affected by an authentication bypass flaw.


The remote host is running a version of Bay Technical Associates RPC3 TELNET Daemon that lets a user bypass authentication by sending a special set of keystrokes at the username prompt. Since BayTech RPC3 devices provide remote power management, this vulnerability enables an attacker to cause a denial of service, shut down the device itself as well as any connected devices.


None at this time. Filter incoming traffic to port 23 on this device.

See Also

Plugin Details

Severity: Critical

ID: 17663

File Name: baytech_rpc3_telnetd_auth_bypass.nasl

Version: $Revision: 1.15 $

Type: remote

Published: 2005/04/01

Modified: 2011/03/11

Dependencies: 17975

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:H/RL:U/RC:ND

Vulnerability Information

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 2005/03/31

Reference Information

CVE: CVE-2005-0957

BID: 12955

OSVDB: 15299