Search

Why TELNET is not secure

The TELNET protocol was designed long back, even before the TCP/IP protocol suite. TELNET was initially designed for the computer networks of 1960’s and 1970’s, when networks were considered safe. TELNET traffic between a TELNET client and TELNET server is not encrypted, unless a third-party encryption tool or protocol is used.

stolen-password.jpg

Data transfer between TELNET client and server, including login ids, passwords, commands and output, are in plain text. A malicious user who has access to the TCP/IP stream between TELNET client and TELNET server can capture the packets assemble the packets to get the user login ids and passwords.

malicious-network-user.gif

A malicious user can view the command output also. Below image shows the captured user id, password and output of dir command executed over telnet. Command executed was DOS dir command, which shows the directory listing of the TELNET server.

login-id-password-captured-telnet.jpg

Because this security reason, new Operating Systems are eliminating TELNET server. Windows 2019 doesn’t have an inbuilt TELNET server.

Related Tutorials
What is TELNET
TELNET modes of operation
TELNET NVT (Network Virtual Terminal)
What is IAC (Interpret as Command) in TELNET
TELNET Commands and Options
TELNET Negotiation
How to install TELNET server in Windows Server using Server Manager
How to install TELNET server in Windows Server using PowerShell
How to start TELNET service in Windows Server
How to connect to Cisco Router using TELNET
How to install TELNET Client in Windows 10
How to use telnet command on Windows and telnet command options
How to test ports using TELNET