SynopsisThe remote Telnet server transmits traffic in cleartext.
DescriptionThe remote host is running a Telnet server over an unencrypted channel.
Using Telnet over an unencrypted channel is not recommended as logins, passwords, and commands are transferred in cleartext. This allows a remote, man-in-the-middle attacker to eavesdrop on a Telnet session to obtain credentials or other sensitive information and to modify traffic exchanged between a client and server.
SSH is preferred over Telnet since it protects credentials from eavesdropping and can tunnel additional data streams such as an X11 session.
SolutionDisable the Telnet service and use SSH instead.
File Name: telnet_clear_text.nasl
CVSS Score Rationale: Information disclosure vulnerability.
CVSS Score Source: manual