Port 23 – Telnet

  • Service: telnetd
  • Protocol: TCP
  • Port: 23
  • Used for: Remote shell access over plaintext (legacy)

Why It’s Open

Before SSH, Telnet was the go-to protocol for remote shell access. It is still found on network devices, legacy systems, and embedded hardware.

Common Risks

  • No Encryption: All credentials and data are in plaintext.
  • Default Credentials: Frequently enabled with weak or unchanged passwords.
  • No Logging or Access Controls: Hard to monitor misuse.

Enumeration & Testing

Check if it’s open

nmap -p 23 -sV <target>
telnet <target>

What to Look For

| Checkpoint | What it means |
|---|---|
| Successful login | Insecure access |
| No password required | Very high-risk misconfig |
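
To triage the nmap check above across many hosts, the following added example (not from the original page) parses nmap's grepable output (-oG) and lists open ports that are, or may be, Telnet. It goes beyond port 23 by also flagging any open port whose detected service is telnet; the sample scan output, its hosts and the verdict labels are constructed for illustration.

```python
import re

# Constructed sample of `nmap -p 23,2323 -sV -oG -` output (documentation-range IPs).
SAMPLE_OG = (
    "# Nmap scan, constructed sample\n"
    "Host: 192.0.2.1 (gw.example.test)\tStatus: Up\n"
    "Host: 192.0.2.1 (gw.example.test)\tPorts: 23/open/tcp//telnet//BusyBox telnetd/, "
    "2323/closed/tcp//3d-nfsd///\n"
    "Host: 192.0.2.2 ()\tPorts: 23/filtered/tcp//telnet///, "
    "2323/open/tcp//telnet?///\tIgnored State: closed (0)\n"
    "Host: 192.0.2.3 ()\tPorts: 23/open/tcp//tcpwrapped///\n"
)

def telnet_findings(og_text):
    """Return (ip, port, verdict, version) for each open port that is or may be Telnet.

    EXPOSED: -sV confirmed a telnet service on an open port (any port number).
    REVIEW:  nmap only guessed telnet ("telnet?"), or port 23 is open but the
             service was not identified as telnet (e.g. tcpwrapped).
    """
    findings = []
    for line in og_text.splitlines():
        m = re.match(r"Host: (\S+) \(.*?\)\t.*?Ports: (.*)", line)
        if not m:
            continue  # comment lines and "Status:" lines carry no port data
        ip, ports = m.groups()
        ports = ports.split("\t")[0]  # drop trailing fields such as "Ignored State:"
        for entry in ports.split(", "):
            # Field order: port/state/protocol/owner/service/rpcinfo/version/
            f = entry.strip().split("/")
            if len(f) < 7 or f[1] != "open":
                continue  # closed or filtered ports are not reachable services
            port, service, version = int(f[0]), f[4], f[6]
            if service == "telnet":
                verdict = "EXPOSED"
            elif service == "telnet?" or port == 23:
                verdict = "REVIEW"
            else:
                continue
            findings.append((ip, port, verdict, version))
    return findings

if __name__ == "__main__":
    for ip, port, verdict, version in telnet_findings(SAMPLE_OG):
        print(f"{verdict:8} {ip}:{port} {version or '(no version detected)'}")
```

Hosts marked EXPOSED are the candidates for the mitigations below; REVIEW entries need a manual check before they are closed out.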

Known Exploits

  1. CVE-2016-0772 *Python smtplib StartTLS Stripping Vulnerability.* In certain versions of Python’s smtplib library, the SMTP.starttls() method does not raise an exception when the server fails to respond appropriately during the STARTTLS negotiation. This behavior can be exploited by a man-in-the-middle (MITM) attacker to perform a STARTTLS stripping attack, effectively downgrading the connection from a secure TLS-encrypted channel to an unencrypted one without alerting the client.

Affected Versions: Python versions prior to 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2.

Impact: Allows attackers to intercept and potentially modify sensitive information transmitted over what is assumed to be a secure connection.

🔗 NVD Entry

  2. CVE-2015-0235 *GHOST Vulnerability in glibc.* A heap-based buffer overflow was discovered in the __nss_hostname_digits_dots() function of the GNU C Library (glibc). This vulnerability, dubbed “GHOST,” can be triggered by applications that pass user-controlled data to the gethostbyname() or gethostbyname2() functions. Exploiting this flaw could allow remote attackers to execute arbitrary code on the affected

Affected Versions: glibc versions 2.2 through 2.17.

Impact: Potential for remote code execution, leading to full system compromise.

🔗 NVD Entry

Mitigation

  • Replace with SSH.
  • Disable Telnet on all interfaces.
  • Use ACLs/firewalls to restrict access.

Real-World Example

Thousands of IoT devices have been compromised via Telnet using default creds (e.g., root:admin) in botnets like Mirai.

TL;DR

  • Service: Telnet (Remote Login Service)
  • Default Port: 23
  • Risks: Unencrypted communication, credential interception
  • Mitigation: Disable Telnet, use SSH instead