Info

Disclosure

Unknown

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

The telnet protocol may allow a remote attacker to gain access to sensitive information. The issue is due to the protocol not encrypting the traffic sent between two machines. This allows an attacker with access to the network to potentially monitor or 'sniff' the traffic. Any information transmitted including logins, passwords and sensitive information may be disclosed to any attacker on the same subnet.

Classification

Location: Remote/Network Access Required
Attack Type: Cryptographic, Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: Disable telnet and other unencrypted protocols. Install an encrypted protocol such as SSH to handle remote access.

Products

All Vendors

All Products

All Versions

References

Generic Informational URL: http://www.faqs.org/rfcs/rfc854.html
http://www.linuxsecurity.com/resource_files/network_security/sniffing-faq.html
http://www.washington.edu/computing/windows/issue21/password.html
CVE ID: 1999-0619 (see also: NVD)

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/36218