Kerberos telnet Crafted Username Remote Authentication Bypass
High Nessus Plugin ID 24998
Synopsis
It is possible to log into the remote host using telnet without supplying any credentials.
Description
An authentication bypass vulnerability exists in the MIT krb5 telnet daemon due to a failure to sanitize malformed usernames. Usernames beginning with '-e' are interpreted as a command-line flag by the login.krb5 program. A remote attacker can exploit this, via a crafted username, to cause login.krb5 to execute part of the BSD rlogin protocol, which in turn allows the attacker to log in with an arbitrary username without a password or any further authentication.
Solution
Apply the fixes described in MIT krb5 Security Advisory 2007-001, or contact your vendor for a patch.
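
The description above is an option-injection flaw: a username taken from the network reaches the login program's argument vector unchecked. The C code below is an added example, not the MIT krb5 patch or code from this plugin; it shows the two defensive checks a daemon can apply before spawning a login program. The function names, the allowed character set, the 32-byte limit, the placeholder path and host, and the assumption that the login program stops option parsing at `--` belong to the example only.

```c
#include <stdio.h>
#include <string.h>

#define MAX_USERNAME 32  /* constructed limit for this example */

/* Return 1 if name can be passed to a login program as an operand. */
int username_is_safe(const char *name)
{
    size_t i, len = name ? strlen(name) : 0;

    /* Empty, oversized, or option-like ("-e...") names are refused. */
    if (len == 0 || len > MAX_USERNAME || name[0] == '-')
        return 0;
    for (i = 0; i < len; i++) {
        char c = name[i];
        int ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                 (c >= '0' && c <= '9') || c == '_' || c == '.' || c == '-';
        if (!ok)
            return 0;
    }
    return 1;
}

/* Fill argv (at least 6 slots) for the login program.
 * Returns the argument count, or -1 if the username is rejected. */
int build_login_argv(const char *login_path, const char *host,
                     const char *name, const char *argv[], size_t slots)
{
    if (slots < 6 || !username_is_safe(name))
        return -1;
    argv[0] = login_path;
    argv[1] = "-h";              /* remote host, supplied by the daemon */
    argv[2] = host;
    argv[3] = "--";              /* end of options: the rest is an operand */
    argv[4] = name;
    argv[5] = NULL;
    return 5;
}

int main(void)
{
    const char *argv[6];
    const char *samples[] = { "alice", "-e", "-eanything", "" };  /* constructed */
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-12s -> %d\n", samples[i], build_login_argv(
               "/path/to/login", "client.example", samples[i], argv, 6));
    return 0;
}
```

Rejecting a leading '-' and inserting `--` are independent layers: either one alone keeps the username from being parsed as a flag, and using both covers a login program that does not honour `--`.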