Unencrypted Telnet Server

medium Nessus Plugin ID 42263


The remote Telnet server transmits traffic in cleartext.


The remote host is running a Telnet server over an unencrypted channel.

Using Telnet over an unencrypted channel is not recommended as logins, passwords, and commands are transferred in cleartext. This allows a remote, man-in-the-middle attacker to eavesdrop on a Telnet session to obtain credentials or other sensitive information and to modify traffic exchanged between a client and server.

SSH is preferred over Telnet since it protects credentials from eavesdropping and can tunnel additional data streams such as an X11 session.


Disable the Telnet service and use SSH instead.

Plugin Details

Severity: Medium

ID: 42263

File Name: telnet_clear_text.nasl

Version: 1.14

Type: remote

Family: Misc.

Published: 10/27/2009

Updated: 6/12/2020

Risk Information

CVSS Score Rationale: Information disclosure vulnerability.


Risk Factor: Medium

Base Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS Score Source: manual


Risk Factor: Medium

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N