Telnet Enabled

Overview of the Vulnerability

When telnet is enabled, data sent over the connection is unprotected because telnet transmits everything in plaintext. An attacker could perform a Person-in-the-Middle (PitM) attack and access sensitive data transmitted over the telnet connection. With that data, they could perform further attacks on the application, the business, or its users.

Business Impact

This vulnerability can lead to reputational damage and indirect financial loss to the company through the impact to customers’ trust.

Steps to Reproduce

  1. Issue the following command line in the terminal window: telnet {{application}}

  2. Observe that a telnet connection is successfully established between the client computer and the application

Proof of Concept (PoC)

Below is a screenshot demonstrating that a successful telnet connection can be made:

{{screenshot}}

Guidance

Provide a step-by-step walkthrough with a screenshot on how you exploited the vulnerability. Your submission must include evidence of the vulnerability and not be theoretical in nature.

For this finding, please include a video of sensitive information being copied to the clipboard inside the application, and the same information being pasted somewhere else to show that it was successfully copied.

Attempt to abuse the system clipboard being enabled by showing that a malicious application with clipboard access could use the information in some impactful way. If this is possible, provide a full Proof of Concept (PoC).

Recommendation(s)

Disable the use of telnet for the application’s connection to the server. Instead, SSH can be used.

For more information, please see the Open Web Application Security Project (OWASP) guide located at: https://owasp.org/www-community/vulnerabilities/Insecure_Transport
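
To confirm the recommendation has taken effect, the following check (an added example, not part of the original template) connects to port 23 and decodes the Telnet option negotiation defined in RFC 854, which separates a live telnet service from a closed port or some other listener. The function names and the sample bytes are constructed for illustration.

```python
import socket

# Telnet command bytes defined in RFC 854.
IAC, SB, SE = 255, 250, 240
VERBS = {251: "WILL", 252: "WONT", 253: "DO", 254: "DONT"}

# Constructed sample: a typical server greeting (DO 24, DO 32, WILL 1) plus prompt.
SAMPLE = bytes([255, 253, 24, 255, 253, 32, 255, 251, 1]) + b"login: "


def parse_negotiation(data):
    """Split received bytes into (option commands, plaintext payload)."""
    commands, text, i = [], bytearray(), 0
    while i < len(data):
        if data[i] != IAC:
            text.append(data[i])
            i += 1
        elif i + 1 >= len(data):
            break  # truncated command at end of buffer
        elif data[i + 1] == IAC:
            text.append(IAC)  # IAC IAC is an escaped literal 0xFF
            i += 2
        elif data[i + 1] in VERBS:
            if i + 2 >= len(data):
                break  # option byte not received yet
            commands.append((VERBS[data[i + 1]], data[i + 2]))
            i += 3
        elif data[i + 1] == SB:
            end = data.find(bytes([IAC, SE]), i + 2)
            if end == -1:
                break  # subnegotiation not terminated in this buffer
            commands.append(("SB", data[i + 2]))
            i = end + 2
        else:
            i += 2  # other two-byte commands (NOP, GA, ...)
    return commands, bytes(text)


def check_telnet(host, port=23, timeout=5.0):
    """Return 'closed', 'telnet' or 'open-unknown' for host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            try:
                data = sock.recv(1024)
            except OSError:
                data = b""  # connected, but nothing readable before timeout
    except OSError:
        return "closed"
    return "telnet" if parse_negotiation(data)[0] else "open-unknown"
```

A result of `open-unknown` on port 23 still needs a manual look, since the listener sent no negotiation bytes within the timeout.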
