Unencrypted Telnet Server

Medium Nessus Plugin ID 42263


The remote Telnet server transmits traffic in cleartext.


The remote host is running a Telnet server over an unencrypted channel.

Using Telnet over an unencrypted channel is not recommended as logins, passwords, and commands are transferred in cleartext. This allows a remote, man-in-the-middle attacker to eavesdrop on a Telnet session to obtain credentials or other sensitive information and to modify traffic exchanged between a client and server.

SSH is preferred over Telnet since it protects credentials from eavesdropping and can tunnel additional data streams such as an X11 session.


Disable the Telnet service and use SSH instead.

Plugin Details

Severity: Medium

ID: 42263

File Name: telnet_clear_text.nasl

Version: $Revision: 1.10 $

Type: remote

Family: Misc.

Published: 2009/10/27

Modified: 2015/10/21

Dependencies: 10281, 51890

Risk Information

Risk Factor: Medium


Base Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N