Unencrypted Telnet Server
Medium Nessus Plugin ID 42263
SynopsisThe remote Telnet server transmits traffic in cleartext.
DescriptionThe remote host is running a Telnet server over an unencrypted channel.
Using Telnet over an unencrypted channel is not recommended as logins, passwords, and commands are transferred in cleartext. This allows a remote, man-in-the-middle attacker to eavesdrop on a Telnet session to obtain credentials or other sensitive information and to modify traffic exchanged between a client and server.
SSH is preferred over Telnet since it protects credentials from eavesdropping and can tunnel additional data streams such as an X11 session.
SolutionDisable the Telnet service and use SSH instead.